On Tue, Nov 20, 2012 at 06:43:32PM -0500, Daniel Holth wrote:
No. We trust the packages we install, including the way they decide to use the metadata. A bad package could delete all our files or cause dependency resolution to fail. Mostly they won't.
Agreed. And this is closer to the way that distributions' tools have to operate than they'd want to :-( Within the distribution we like to pretend that we only need to care about the packages that we generate. But we also know that whether or not we support it, ordinary users will install pacakges from outside of our walls. That means that the packaging tools that we create will need to deal with things that we might not condone within our "presumed authority". We trust that people are going to do more or less the right thing with the tools we offer. Once in a while they don't but by and large they do. -Toshio
Daniel Holth
On Nov 20, 2012, at 5:26 PM, Vinay Sajip <vinay_sajip@yahoo.co.uk> wrote:
Daniel Holth <dholth <at> gmail.com> writes:
They mean pretty much what the same words mean in RPM and do not need further bikeshedding.
But isn't it the case that the scenarios are different because in the case of RPMs, we have a presumed authority which can determine e.g. what obsoletes what, whereas with Python distributions, there's no central authority that has this function?
Regards,
Vinay Sajip
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/dholth%40gmail.com
Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/a.badger%40gmail.com