[packagekit] ServicePack: The magic file

Tim Lauridsen tim.lauridsen at googlemail.com
Mon Mar 31 01:01:01 PDT 2008


David Zeuthen wrote:
> On Fri, 2008-03-28 at 10:07 +0000, Richard Hughes wrote:
>> until the user trusts the media is valid
> 
> Btw, as I mentioned on your blog
> 
>  http://hughsient.livejournal.com/54131.html?thread=381299#t381299
> 
> there's really little point in asking whether the user trusts the media.
> 
> In fact, I'd argue it's harmful to even do so. I might be getting the
> update media from some shady third party reseller or the media itself
> may be a CD-R that one of my buddies handed to me.
> 
> E.g. there's a good chance that the media itself doesn't look 100%
> authentic. But that's perfectly fine. We don't _care_ about the media,
> we care about what's on it: that the packages are signed by a trusted
> party.

+1
> 
> So I think the whole Service Pack [1] idea simply boils down to the
> ability to easily add media with repositories on them.

Agree, the "ServicePacks" should just be removable repos, nothing else.
it should not be limited to updates, you should be able to use the 
original disto release cd/dvd as repos if you plug them in.

> 
>       David
> 
> [1] : I still don't like the name Service Pack. Also keep in mind SUSE
> is already using that term for their equivalent of RHEL5.x updates for
> their enterprise product. So better avoid it. But that's just my
> personal preference.

I hate the "ServicePack" name too, "MediaRepo", "PackageCollection" or 
something like that

Tim



More information about the PackageKit mailing list