> In the future, we hope to be able to provide official updates to the > operating system itself via packages, and we need to give the > end-users the confidence that when they intend to install a Nokia > provided operating system update, they actually get what they think > they are getting. Great! It'll be great to escape the backup->flash->restore->reinstall cycle! > This means that the Application Manager will not allow you to update > individual OS packages (or to install third party applications that > require this), since you would have to remove the meta package for > that. It is still possible to install additional 'system' packages, > just not to upgrade already installed ones. > > A second new feature is that the Application Manager will distinguish > between "trusted sources" and "non-trusted sources" (based on the key > used to sign the corresponding repository). A package that has > originally been installed from a trusted source will only be allowed > to be updated (or replaced) from a trusted source. The flash image is > also treated as a trusted source, so you will only be able to update > packages that are pre-installed in the device from trusted sources. IMO the second new feature makes the first one irrelevant. Locking the OS metapackage to exact versions of depended packages will cause headaches for nokia, developers, and users. Say you've just released an OS metapackage, maemo 3.1 sturgeon, and then one the guys working on cairo makes a huge breakthrough in speed and stability. You want users to be able to upgrade, but now you have to release a new OS metapackage to do so, so you either need to make users wait for another "full" release, or release a new OS metapackage whose only change is an upgraded cairo dependency. This potentially means a lot of frivolous new OS releases. However, the "trusted source" feature means that you don't have to worry about this. If you release OS metapackage maemo-3.2007-sturgeon with the *greater than or equal*-style dependencies, people can only upgrade those packages from Nokia. This means that users don't have to worry about the potential of getting a broken cairo package from Joe's Repo, and that you can release a new cairo package when it's ready without having to worry about synchronizing with other packages' releases, announcing a new OS release, etc. > The meta package could depend on 'this version or later' of a package > instead of on "exactly this version'. That would allow it to control > the update just as much, but would not lock down the configuration of > the device so much. The motivation for this lock-down of the device > configuration is that Nokia (probably, IANAL) doesn't want to support > any other configuration, and having to 'hack' your system via the > red-pill mode or similar is a good indication that you are now on your > own. I am wholly in favor of this, as may be gathered from my previous paragraph. And the "trusted repository" scheme means that the device is just as locked down for support purposes. -- It doesn't take a nukular scientist to pronounce foilage! --Marge Simpson http://www.gnu.org/philosophy/shouldbefree.html
