limiting use of third-party repositories in Debian/Ubuntu

[Tom Metro]

As I've been toying around with desktop systems I've been making more 
use of non-distribution repositories, such as the Personal Package 
Archives (PPAs) that Ubuntu makes it easy for anyone to publish.

What is a good technique for limiting the scope of what gets pulled in 
from these repositories, which often contain more than just the desired 
package and its dependencies?

The Debian backports guys offer some suggestions:
http://backports.org/dokuwiki/doku.php?id=instructions

but they use a separate release name (with -backports appended), so the 
technique may not be applicable.

Looking at the apt_preferences(5) man page I see you can do something like:

   Package: *
   Pin: origin "http://www.backports.org/debian"
   Pin-Priority: 50

which says that everything from the specified repository has a lower 
priority than any installed packages (which are 100). Which means 
nothing would get upgraded using that repository, but if not already 
installed, the repository would be used.

You'd then have to pair that up with an entry for the package you want 
to be kept updated from the repository by setting the priority to 
something > 100. It sounds like you'd need to do that for any 
dependencies, as well.

Sounds functional, but cumbersome. Not to mention it spreads the config 
for any given repository across multiple files. Need some syntax sugar, 
so you can do something like this in sources.list.d:

Packages: google-chrome,google-chrome-unstable
deb http://dl.google.com/linux/deb/ stable main

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/