On Mon, Aug 22, 2005 at 06:36:03PM -0400, Alec Warner wrote:
> I'm kinda with genone on implementing both ( since they are similar ).
> If it's decided that blacklisting is easier to maintain, I can always
> make up my own whitelist for pkg-foo and apply it and if it works submit
> it as a bug ( or even some other whitelist database? ) and thus can
> gaurentee that my package was built 'correctly'(TM).  I think this would
> be important in fex, an enterprise distribution type deal where the
> build env is important to some.  Put the whitelists in the tree and have
> them --excluded by default, so only the users that use them have to
> downlaod them.
Sticking Yet Another File In Profiles (hence forth known as yafip 
since it comes up a lot :) is a quick fix, but forces anyone trying to 
do remote repo's to add hacks to expose that information; effectively 
requiring two querying modes for the repo, which doesn't seem clean.

If it goes anyways, profile would get my vote- base profile exists for 
spreading settings like this throughout all profiles also; profile and 
repo are seperated entities, as such the repo implementation doesn't 
get muddied up, just requires extra keys pulled for profile 
implementation, which is what it's designed for anyways.
~harring