The repository scoring problem - a proposal

Sun Mar 12 19:12:07 UTC 2006

Ralf Ertzinger <fedora at camperquake.de> wrote:
> Every one in a while the problem of repository scoring comes up (maybe
> under a different name, but I chose this one): The wish of users to
> give different RPM repositories different "rights" with respect to the
> packages that can be installed from the various sources, mostly to prevent
> third party repositories from replacing packages installed by the core
> operating system.

Then don't use 3rd party repositories...

A repository is not "just" a collection of packages that can be installed
on Foo, it is a system of packages built and tested for use together on
Foo. You /can't/ just mix-and-match at will.

[...]

> I hereby propose a diffenent path. Do not add repository information to
> the RPM files (or do it anyway, it is useful information after all, just
> not suited for the problem at hand) but change the RPM libraries to enable
> programs installing packages (be it RPM itself, yum, smart or whatever)
> to add metadata to the installed package. The installing program knows
> best where it got the package it is just installing, after all, so
> it can add the information itself.
> 
> This has the following pros and cons:
> 
> Pro:
> * If implemented, it works right now (except for packages already installed,
>   but other approaches have that problem, too)
> * It requires no work on the behalf of the packagers
> * It is stable against repositories changing their repository id (if
>   such a field is added, see above)

No, it isn't. Can't be, really.

* It handles packages moving among repositories (i.e., from Extras to Core)

> Cons:
> * It may not be stable against certain configuration changes in
>   the package managing program (if, for example, yum uses it's internal
>   repositoryid to tag packages a change to that id would create
>   some problems)
> * Using different programs to manage your packages at the same time will
>   probably not work, since they will not recognize the tags written by
>   each other.

Need a common format for that anyway,

> * I do not know if such a change can be made while retaining backwards
>   compatibility to older RPM versions (if this is desired, that is)

You are proposing a scheme that doesn't touch the RPM format itself, so I
don't see how this would enter here.

* What if a package exists with the same name in different repositories?
  Using one set of (coordinated) repositories prevents that today (and that
  is exactly the problem you are trying to solve...)
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513