Hi. Every one in a while the problem of repository scoring comes up (maybe under a different name, but I chose this one): The wish of users to give different RPM repositories different "rights" with respect to the packages that can be installed from the various sources, mostly to prevent third party repositories from replacing packages installed by the core operating system. This post is not about discussing whether this is a good idea or not. I personally think this is a valid tool, but I can see that there may be other views about it. A core problem in this context is that while it is possible to determine where a package comes from at installation time this information is lost during installation, all packages installed on a system are "equal" in that there is no way to tell where they originally came from, thus making the scoring mentioned above hard to impossible. It has been proposed to add a field to the RPM file headers that can be set by the packager to indicate where the package came from. This requires work on the behalf of all packagers/repositories, and is thus not likely to work (in my opinion), or it will take a long time to actually show effect. I hereby propose a diffenent path. Do not add repository information to the RPM files (or do it anyway, it is useful information after all, just not suited for the problem at hand) but change the RPM libraries to enable programs installing packages (be it RPM itself, yum, smart or whatever) to add metadata to the installed package. The installing program knows best where it got the package it is just installing, after all, so it can add the information itself. This has the following pros and cons: Pro: * If implemented, it works right now (except for packages already installed, but other approaches have that problem, too) * It requires no work on the behalf of the packagers * It is stable against repositories changing their repository id (if such a field is added, see above) Cons: * It may not be stable against certain configuration changes in the package managing program (if, for example, yum uses it's internal repositoryid to tag packages a change to that id would create some problems) * Using different programs to manage your packages at the same time will probably not work, since they will not recognize the tags written by each other. * I do not know if such a change can be made while retaining backwards compatibility to older RPM versions (if this is desired, that is) I'd like to hear your thoughts about this. And maybe there are other ideas of what can be done with user addable metadata in the RPM package DB. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
