packaging issue: how to update?

[volkov.peter at gmail.com (Peter Volkov)]

Hello, list.

I'm looking for some suggestion on how to resolve the problem in Gentoo
(and I suppose other distributions are affected too) with framework
updates[1]. We provide ebuild for metasploit-3.1 which installed
dependencies, Framework itself + init scripts to start msfweb3. But
together with that we needed to remove all .svn file to preclude updates
using subversion. Live update of files managed by package manager is not
very good idea because, not taking into account reasons mention in [2],
it's impossible to track such updates for package manager and it's very
possible that such updates create mess on user system. One possible
scenario to create such mess is:

1. User installed Framework-3.1 from metasploit-3.1.ebuild and updates
it with snv update.
2. After that gentoo developer fixed bug in init script and to propagate
changes to user systems increased revision number of ebuild
(metasploit-3.1-r1.ebuild)
3. After users updates his/her system to metasploit-3.1-r1 all files in
package became overwritten with old copies. Now new files which were
added by Framework developers are now not under svn control and further
updates with svn update will not work as supposed.

Thus providing package with installs Framework with .svn files is not a
viable solution for package manager in Gentoo (and I suppose in other
distributions too). But what alternatives do we have? Is it possible to
release Framework more frequently whenever required updates were added?
Is it possible to separate and update exploit database separately for
the program itself?

References:
[1] bugs.gentoo.org/show_bug.cgi?id=195924
[2] devmanual.gentoo.org/ebuild-writing/functions/src_unpack/cvs-sources/index.html

-- 
Peter.