One of the most useful features I've seen from dpkg is "package holds". By setting a package hold, all package manager operations that change the state of a package will fail without an override option on the command line. This prevents inadvertent changes to a package that for some reason or another should not be changed on a system, as decided by the system's administrator. I've used this functionality in the past on *.deb based distributions to ensure that packages that I've customized do not get replaced during upgrades - while apt-rpm has its own hold mechanism, this doesn't do anything to address other upgrade mechanisms, or other administrators manually installing/updating a package. I've also used this functionality on .deb based distributions to ensure that a package that breaks the system in some way or causes some security problem doesn't get installed. I would suggest that a configuration file is the best way to go about implementing package holds, since such a list is not likely to change frequently on a production system.
Sure, policy concepts like "Never change this file." and "Never change this package." provide a degree of comfort to system administrators. Both policies are implemented in up2date, which is largely concerned with upgrades. Neither policy is implemented in rpmlib, mainly because "hold" will stop anaconda from upgrading an end-user system, thereby creating a support problem.