[haiku-depot-web] Re: Dealing with Multiple Repositories and Conflicts

  • From: "Alexander G. M. Smith" <agmsmith@xxxxxx>
  • To: haiku-depot-web@xxxxxxxxxxxxx
  • Date: Thu, 21 May 2015 11:32:34 -0400 EDT

Andrew Lindesay wrote on Fri, 22 May 2015 00:09:33 +1200:

> For example, if you were to search _across_ repositories and two
> repositories happen to have the same Package then you will see this in
> the data because two Package Versions will be returned and would be
> identified as belonging to the two repositories. The system would not
> try to 'hide' this fact from you by presenting this as one search result.

I agree that being able to see the duplicates is desirable, as well as seeing
if they are exact duplicates (.hpkg files are the same by hash code).

It would be nice if there were a user-specified priority for picking packages
from among the duplicates. Perhaps the user has a list of repositories with
more trusted ones first? Or maybe ratings could be used to decide on a
repository. Actual availability of the repository web server at the time of
install is also important.

Which brings up the question of trust. There isn't any malware now, but it
would be nice to know which packages were legitimate, perhaps by having
checksums for vetted packages, or a digital signature. Maybe we also need
repository ratings :-)

- Alex
