Hi, On Thu, 2008-05-29 at 21:37:28 +0200, Franklin PIAT wrote: > I suggest to modify dpkg so it refuse to install package, unless the > option "--insecure" is specified. Such option's manpage description > would be :
That'd be mostly just annoying for no actual benefit. It would break existing software using 'dpkg -i', and people would end up adding that option to the config file. > > dpkg --install --insecure package_file... > > The option --insecure is now mandatory to install a ".deb" package. > > > > Installing a ".deb" file manually is considered a bad practice (i.e > > insecure), because the package wouldn't be updated when the maintainer > > release a security update. This is not true if the package comes from the repo you've fetched it from. > > Instead of downloading and installing a .deb file, you should declare > > it's apt repository. This is done by adding the package's repository > > to /etc/apt/sources.list or /etc/apt/sources.list.d/. See > > sources.list(5). There's few other ways to upgrade a system than with apt. > * This option would be an effective solution to educate new users. > * For the same reason, we should remove gdebi's "Install" button. I don't think this kind of punishment would educate any users. So I don't see this being implemented in dpkg, sorry. regards, guillem -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
