Klaus Kaempf wrote:
* Jan Kupec <jkupec@suse.cz> [Jul 31. 2008 15:44]:
But first things first: if we are going to log the origin of packages (vendor, repo, etc..). We should first clarify what will be the *purpose* of this 'origin' data. What do we want to accomplish with this.
To unambiguously identify which package was installed/updated/removed.
OK. What about the *vendor* and the package *signing key* plus the *checksum* then? Such triple should not be fake-able.
It should also serve as a 'rollback' information, if one must revert an update.
But that would be possible only until the original packages stay in the repository, or? -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org