Date: Fri, 11 May 2007 22:46:06 -0700 From: Tim Kientzle <kientzle@freebsd.org> To: Joerg Sonnenberger <joerg@britannica.bec.de> Cc: freebsd-hackers@freebsd.org Subject: Re: New FreeBSD package system (a.k.a. Daemon Package System (dps)) Message-ID: <4645549E.1000407@freebsd.org> In-Reply-To: <20070511153448.GA7516@britannica.bec.de> References: <200705102105.27271.blackdragon@highveldmail.co.za> <f20c8u$htp$1@sea.gmane.org> <4644847A.5060702@freebsd.org> <20070511153448.GA7516@britannica.bec.de>
next in thread | previous in thread | raw e-mail | index | archive | help
>>3) As DES pointed out, the package tools must be able >> to read the metadata before the files. > > Actually, the argument is pretty weak. Being able to extract them > streamable and access the meta-data easily is fine. The remote access > argument is very weak as it doesn't allow e.g. signature checks. I presume you mean that you have to scan the entire package to verify the signature before doing installation? I don't think you do, really. If you can roll back an installation, then you can verify the signature during a streaming install; if the signature fails, you roll back. A good package installer needs to support rollback anyway to do robust dependency handling. I know two relatively straightforward ways to structure the installation process to support rollback. <sigh> So many ideas, so little time... ;-) Tim Kientzle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4645549E.1000407>