On 6/22/2022 5:22 PM, Charles Curley wrote:
On Wed, 22 Jun 2022 16:25:02 -0400
Bijan Soleymani <bi...@psq.com> wrote:
Anyways it would be nice to do:
apt install http://domain/filename.deb
too. Wonder if there's some optimal/convenient way to handle
dependencies if they're on the same server too.
How do you handle dependencies where there is a version of the
dependency on the server, and another version on a repo in the user's
sources.list? Multiple nested dependencies?
I guess the same way you handle multiple apt sources, based on
dependency versions declared in the deb and the priority of the sources.
Most packages with complex dependencies or that update often make the
user edit their apt sources anyways.
Don't forget the public key for the packager, if any.
That could be handled as part of the process.
apt could prompt:
have you verified X signing key
do you want to add Y apt source
vs now users cut and paste:
echo "signing-key" >> /etc/apt/some-keyring.txt
echo "apt-source-url" >> /etc/apt/sources.list
from the developer's website
This strikes me as a nightmare waiting to happen.
There was probably a similar feeling when .deb and dpkg and apt rolled out.
Users are going to have dependency issues, etc. If libc breaks on upgrade then
everything dies, etc.
Bijan
