#1737
This is again the wrong thread for this discussion, but here goes once again...

Originally Posted by Funklord
What? transactions?
We're talking about an embedded system here, recording unnecessary information because of the odd chance that a user wants to roll back to an old, possibly even more faulty version of something is a good idea?
Rollback is not the only property which comes with transactions. Transactions make package updates error tolerant. For example, if the battery goes dead in the middle of updating, or you drop your phone and the battery flies off. When the system reboots, it can auto-correct the problem: either finish the transaction or cancel it and tell the user that the last action was not successful but it didn't break anything at least. Or if some developer (maemo test and devel repos) forgets something and there is a dependency problem, and after installation some other things are not working, the user can roll back to the previous state and report the problem to the developer.

Transactions are good to have in package management; some people might think they are essential, as the system state is pretty much like a critical database. Of course the transactions feature can be disabled if there are good reasons, but I doubt in high-end mobile phones there would be any. Anyway, rpm is in this way much better than deb, although in other technical ways they are pretty much identical.

I don't know what you mean about the embedded gpg signing, can't .deb files be signed?
I mean that in rpm-based systems nowadays it is common practice to have all rpm packages GPG-signed. GPG signatures are embedded in the packages and do not get lost even if you transfer packages through an ftp program, wget, USB stick, Bluetooth OBEX transfer and so on, and then install the package without a live connection to the original repository.

You can google lots of bad examples where people install unauthenticated deb packages with dpkg -i. A MITM attack on non-authenticated data (stream) is trivial if you have the skills.

The kludged way to embed GPG signatures in deb packages is not really used by anyone or anywhere. Show me where debsigs would be actively and routinely used, like embedded GPG signatures are used almost without exception, for example in Fedora? Also it is important that developers have a standardized way to embed the GPG signature in the package release automatically.

To sign a package while it's being built, simply add '--sign':
rpmbuild -ba --sign


And don't even get me going about the LSB, their idea of standards is everyone doing the same misguided stuff they do.
There are many good things in LSB. Without them Linux would be even more fragmented than it already is. And as said, if Debian+Ubuntu had changed to use the rpm system long ago, Nokia now wouldn't have the problem with its developers implementing rpm support in Ovi and Meego. A good case of fragmentation in Linux which clearly causes trouble.

The Linux Standard Base was created to lower the overall costs of supporting the Linux platform. By reducing the differences between individual Linux distributions, the LSB greatly reduces the costs involved with porting applications to different distributions, as well as lowers the cost and effort involved in after-market support of those applications.
Debian and Ubuntu (and some other smaller players) just haven't taken the fragmentation problem in Linux seriously enough, and now see, it costs Nokia lots of money and eventually may mean that Meego won't succeed because it was too late compared to Android.

Last edited by zimon; 2011-03-10 at 09:45.
 

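What "embedded" means in the post above, as an added example (not from the original post or from the rpm project): a sketch that reads the signature header sitting between the 96-byte RPM lead and the main header and reports whether an OpenPGP signature is stored in the file itself. The tag numbers are the ones defined in rpm's public headers; the sample packages are constructed and carry no real payload.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # first 4 bytes of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header structure magic (3 bytes) + version
LEAD_SIZE = 96
RPM_BIN_TYPE = 7
# Signature-header tags that hold an OpenPGP signature. Size and digest tags
# (1000, 1004, 269, 273) are ignored: they catch corruption, not tampering.
SIGNATURE_TAGS = {267: "DSA (header)", 268: "RSA (header)",
                  1002: "PGP (header+payload)", 1005: "GPG (header+payload)"}


def embedded_signatures(data: bytes) -> dict:
    """Return {tag_name: signature_bytes} for signatures stored in the package."""
    if len(data) < LEAD_SIZE + 16 or data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package (bad lead)")
    if data[LEAD_SIZE:LEAD_SIZE + 4] != HEADER_MAGIC:
        raise ValueError("signature header missing")
    # After magic and 4 reserved bytes: entry count and data-store size.
    nindex, hsize = struct.unpack(">II", data[LEAD_SIZE + 8:LEAD_SIZE + 16])
    index_start = LEAD_SIZE + 16
    store_start = index_start + 16 * nindex
    if store_start + hsize > len(data):
        raise ValueError("truncated signature header")
    found = {}
    for i in range(nindex):
        tag, typ, offset, count = struct.unpack_from(
            ">IIII", data, index_start + 16 * i)
        if tag in SIGNATURE_TAGS:
            if typ != RPM_BIN_TYPE or offset + count > hsize:
                raise ValueError("malformed signature entry")
            start = store_start + offset
            found[SIGNATURE_TAGS[tag]] = data[start:start + count]
    return found


def build_sample(entries) -> bytes:
    """Constructed input: lead + signature header made of binary entries only."""
    index, store = b"", b""
    for tag, blob in entries:
        index += struct.pack(">IIII", tag, RPM_BIN_TYPE, len(store), len(blob))
        store += blob
    counts = struct.pack(">II", len(entries), len(store))
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    return lead + HEADER_MAGIC + bytes(4) + counts + index + store


# Constructed samples: an MD5 digest only, and the same plus an RSA entry.
UNSIGNED = build_sample([(1004, b"\x11" * 16)])
SIGNED = build_sample([(1004, b"\x11" * 16), (268, b"\x89\x01constructed")])
```

Finding a signature entry only shows that the package carries one; checking it against an imported public key is what `rpm -K` (`rpm --checksig`) does before the package should be installed.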