On Mon, 28 Feb 2011 20:13:58 +0100, Sean Collins <smc.collins@xxxxxxxxxxx> wrote:
Brecht Machiels wrote:If the package metadata (dependency info) can be separately updated by the community, as proposed (and still planned, I hope), these kinds of problems will be detected and resolved very quickly (for example, resulting in reverting to the previous libcurl), even without action needed by any developers. I believe this is a fundamental advantage over Linux package managers that can make it work well.any thoughts about maybe having a rating system and compatibility flag of some sort in the meta data ? IE this APP/library/package is tested and works properly ? the recent breakage of webpositive does go to shows that updating often, doesn't really solve any problems and likely introduces new ones minus some sort of formal compliance testing.
The idea is that users (probably not all users, but only users that are willing to test new packages) can report problems with a particular package and incompatibilities between a package and a dependency. If a certain package-dependency combination turns out to be problematic (reported by x users), it can be flagged as problematic. The package manager can then avoid this. This requires a global database keeping track of this information. This database can also serve as a software directory. It does not have to host all the packages however, just the metadata.
As for the non-testing users, we should avoid upgrading packages unless there are known security problems or the user explicitly choses to upgrade. Maybe the user can be mailed about available updates instead of annoying him with pop-ups as in Windows/Ubuntu. But I digress...
-- Brecht
