package, package2, package3 naming-with-version exploit
Jan Zelený
jzeleny at redhat.com
Fri Mar 29 13:42:29 UTC 2013
On 29. 3. 2013 at 10:29:01, Vít Ondruch wrote:
> Dne 29.3.2013 02:09, Michael Scherer napsal(a):
> > Le jeudi 28 mars 2013 à 17:45 +0100, Vít Ondruch a écrit :
> >> If this problem was put first time on the table in 2002,
> >> then there already passed 10 years of excuses.
> >
> > Or that in 10 years, we didn't found a proper solution that was
> > sustainable.
> >
> >> It is interesting to see
> >> that our competition can do much more with our technology then we do.
> >
> > Depend on what you define as "competition" and "our technology".
> > While this could be anything, I will assume that you are speaking of
> > debian, cause that's the only one that make sense to me.
>
> This is what I am taking about:
>
> http://www.devconf.cz/slides/mls-pkgmgmt2.pdf
> http://www.youtube.com/watch?v=FNwNF19oFqM
>
> They are using far more advanced techniques using RPM.
>
> Yes, I am aware that it is slightly of-topic, but that was generic
> remark. The point is, they are trying, they probably also fails in
> certain areas, they have to make prototypes and throw them out, they
> have workaround missing features in RPM. But in comparison to Fedora,
> they are doing something. We just collecting ideas, brainstorming, we
> are afraid about security and so on. We are so afraid to fail that we
> rather do nothing.
I'm sorry but your statement is not entirely correct - we can do most of the
things they can do, as we use libsolv in dnf. We just choose not to use these
features in Fedora. That's actually one point that Michael made during his
presentation IIRC. Also it's not true that we don't experiment with stuff and
make prototypes. For example at this moment we are working on some pretty big
changes in rpmdb, recently we added new plugin interface, improved selinux
support, ... you name it.
The problem is that this particular request of yours is a bit different:
You are asking us to completely change the way we work with package versioning
in order to achieve something that is already achievable (admitting that not
in the prettiest way). It is important to note that the change goes through
the *entire* packaging stack, requiring multi-month effort of multiple people.
Please try to understand that this is why we are trying to come up with
different proposals solving at least parts of your problem.
Thanks
Jan
More information about the devel
mailing list