Ubuntu QA:
Synaptic package manager

Contributor turbolad on Synaptic package manager

PPAs can add unexpected packages  
Written by äxl the 2 Feb 12 at 16:58. Not an idea
Adding, for example, the PPA from Launchpad's ~maverick-bleed, you are able to get the newest vlc (for normal users) but also, unexpectedly, a new version of dpkg.

If that new PPA version of dpkg happens to be poisoned, or even just old-but-renamed, you can unwittingly hand it root access!
-4 votes (closed)
Solution #1: Low default priority for user added sources
Written by äxl the 2 Feb 12 at 16:58.
Give every user-added source a priority of, for example, 100.
So you can still download vlc, but dpkg will not update automatically.

/etc/apt/preferences /etc/apt/preferences.d/
Package: *
Pin: origin useraddedsource.com
Pin-Priority: 100
14 votes (closed)
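
Added example (not part of the original posts, and not APT's own code): a simplified Python model of the candidate selection described in apt_preferences(5), showing what the priority-100 pin from Solution #1 changes. The archive.example origin, the package versions and the newtool package are constructed, and version comparison is reduced to dotted numbers.

```python
# Added illustration, not APT's code: simplified candidate selection per apt_preferences(5).
STATUS_PRIORITY = 100    # priority APT assigns to the currently installed version
DEFAULT_PRIORITY = 500   # priority of a source that no pin matches
ARCHIVE = "archive.example"        # constructed stand-in for the distribution archive
USER_SRC = "useraddedsource.com"   # origin name used in the post's pin

def vkey(version):
    # Assumption: dotted numeric versions only; real APT uses dpkg's ordering.
    return tuple(int(p) for p in version.split("."))

def candidate(available, installed, pins):
    """available: [(version, origin)], installed: version or None,
    pins: {origin: priority}. Returns the (version, origin) that would be selected."""
    best = {}  # version -> (highest priority of any source offering it, that origin)
    for version, origin in available:
        prio = pins.get(origin, DEFAULT_PRIORITY)
        if version not in best or prio > best[version][0]:
            best[version] = (prio, origin)
    if installed and best.get(installed, (0,))[0] < STATUS_PRIORITY:
        best[installed] = (STATUS_PRIORITY, "installed")
    choices = []
    for version, (prio, origin) in best.items():
        downgrade = installed is not None and vkey(version) < vkey(installed)
        if prio < 0 or (downgrade and prio < 1000):
            continue   # negative pins block a version; downgrades need >= 1000
        choices.append((prio, vkey(version), version, origin))
    if not choices:
        return None
    _, _, version, origin = max(choices)  # highest priority first, then newest
    return version, origin

# Constructed package data: name -> (available versions, installed version)
PACKAGES = {
    "dpkg": ([("1.16.1", ARCHIVE), ("1.16.2", USER_SRC)], "1.16.1"),
    "vlc": ([("1.1.12", ARCHIVE), ("2.0.0", USER_SRC)], "1.1.12"),
    "newtool": ([("0.3", USER_SRC)], None),
}

def plan(pins):
    """Selected (version, origin) for every sample package under the given pins."""
    return {name: candidate(avail, inst, pins) for name, (avail, inst) in PACKAGES.items()}

if __name__ == "__main__":
    for label, pins in (("no pin", {}), ("pinned to 100", {USER_SRC: 100})):
        print(label, plan(pins))
```

With the pin in place the newer vlc from the pinned source also stops being the automatic candidate and has to be requested explicitly, e.g. apt-get install vlc=<version>; a package that exists only in the pinned source is still selected.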
Solution #2: Restrict PPA content to a single project
Written by Dazed_75 the 9 Feb 12 at 00:53.
Using a single PPA as a holder for multiple unrelated projects is a recipe for a user getting unexpected and unwanted packages. If multiple projects need a PPA, they should each get their own.

See the 6 comments or propose a solution (latest comment the 23 Feb 12 at 19:52) >>

dependencies handling should be better  
Written by koenfloris the 10 Nov 10 at 09:36. New
apt-get currently handles dependencies in a very wrong way.

Example: I install the package ktorrent.
ktorrent depends on a lot of KDE packages.
As a result, tons of dependencies get installed.

Now I decide to remove ktorrent.
The dependencies that were installed with it are not automatically uninstalled, leaving tons of unused programs on my hard disk.
37 votes
Solution #1: use aptitude!
Written by koenfloris the 10 Nov 10 at 09:36.
aptitude handles this problem better.

Most UIs are programmed to use apt-get.

So the apt-get command should forward the command to aptitude. That way, the UI won't need any reprogramming, and the powerful engine of aptitude is still used.
61 votes
Solution #2: make apt-get act more like aptitude
Written by koenfloris the 10 Nov 10 at 09:37.
Just make an update/patch to apt-get for handling this problem better. Uninstall any dependencies that are marked as automatically installed.
28 votes
Solution #3: use apt-get autoremove or computer-janitor
Written by Mailaender the 13 Nov 10 at 15:07.
This option is also included in Synaptic.

See the 5 comments or propose a solution (latest comment the 9 Dec 10 at 10:45) >>