> There is no difference between packages installed via pkgman and those > installed manually. You can download a package from the haikuports > repository and install it manually, and -- the feature has not been > implemented yet -- pkgman will also be able to install a local package > file. It is not relevant by which method a package is installed. The > relevant information is encoded in the package meta data: the package > vendor. There is no difference as far as the system is concerned. It could help with managing the repositories if we start having a lot of them. The user may want to do some cleanup and answer questions such as: how much packages did I got from this repo ? are they still installed ? are they available elsewhere ? I don't think adding a source attribute to the packages (this would be set by pkgman or HaikuDepot when installing the package, and requires no change to the package daemon) can do any harm, and it makes it much easier to track which packages comes from where. It could also help detect where a broken package comes from. Let's say you notice a package is corrupted, some time after installing it. Was the corruption done during download ? while the file was stored on disk because of a BFS bug or a system crash ? or does the package comes from a repo that has corrupted it (on purpose or not) ? Knowing where the package was downloaded from would help with checking the source and see if it still matches. Sincethe vendor field is only informative, without any signing key or certificate of any kind, a malicious repo could also provide packages with a faked vendor field and corrupt your system (again, either on purpose or because the repo itself was attacked by someone). Looking at the source attribute would then help know which repo (or mirror) is at fault. -- Adrien.