Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op maandag 06-04-2009 om 10:03 uur [tijdzone +0100], schreef James
Westby:
> On Mon, 2009-04-06 at 07:27 +0200, Jan Claeys wrote:
> >  Maybe delaying upgrades until shutdown *is* the right
> > solution?
> 
> There are a couple of other issues with that.
> 
>   1. The upgrades may need some feedback from the user, but the user has
>  just declared that they would like to leave the computer.

How does "automatic updates" deal with interaction *now*?


BTW what about delaying the popup of update-manager until shutdown (so
you can still close it if you don't have the time).  And maybe pop it up
just after login to?  Oh, and keep the reminder icon in the tray for
those who want to upgrade during the day...  ;)


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

James Westby wrote:

> On Mon, 2009-04-06 at 07:27 +0200, Jan Claeys wrote:
>>  Maybe delaying upgrades until shutdown *is* the right
>> solution?
> 
> There are a couple of other issues with that.
> 
>   1. The upgrades may need some feedback from the user, but the user has
>  just declared that they would like to leave the computer.
> 
>   2. What do you do if the upgrade fails? The system is in an
>  inconsistent state, so immediately rebooting may not be wise,
>  but the computer was instructed to reboot, so staying on would
>  be surprising.

Personally, I think _shutdown_ is absolutely the worst time to do upgrades. 
When I am shutting down I want the system _off_.  Typically, I only do
shutdowns when there's some pressing need to reboot!  The other 99 times
out of a hundred, I hibernate - in which case the upgrade is either not
going to get done, or you're going to interrupt my attempt to hibernate -
and it _still_ won't get done, because it invariably means I'm moving the
laptop and it won't be able to connect to the Internet.
-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

Matthew Paul Thomas wrote:

> Erich Jansen wrote on 06/04/09 10:59:
>>...

>> My problem with the way things are currently done is that it's not
>> obvious to someone like my parents, who run Ubuntu, that this feature
>> exists. After switching my parents to Ubuntu the only real complaint I
>> heard from them is that the first time they booted into Ubuntu there
>> wasn't a "tour" window that popped up for them.
>>...
> 
> Oh, but haven't you heard? Popping up windows by themselves is evil,
> apparently. ;-)

Of course it is.  It annoys the heck out of _me_.  But Erich seems to be
suggesting there should be some kind of "first run" script for every new
user (and if it's the admin user, it can be used to set this sort of
option).  I completely agree.  New users find themselves at a mostly empty
desktop without a hint what to do next.

I have no problem with _that_ sort of window popping up by itself, because
it's just a continuation of the login process as far as the user can tell
(and will only run once, in any case - unless you ask it to run in future).
 
> Now that the Updates Available window opens by itself, it may help for
> it to contain a checkbox for installing future updates by default.

That would work, but really system setup tasks should occur at system setup
time.
-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Charlie Kravetz]

On Mon, 6 Apr 2009 11:03:20 -0400
Mackenzie Morgan  wrote:

> On Monday 06 April 2009 10:35:17 am Charlie Kravetz wrote:
> > On Mon, 06 Apr 2009 12:25:07 +0100
> > Matthew Paul Thomas  wrote:
> > 
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > > 
> > > Erich Jansen wrote on 06/04/09 10:59:
> > > >...
> > >  Also, isn't this an option that could be added to Ubiquity?
> > >  Like when you are filling in your user information we could
> > >  have a checkbox that enables automatic installation of all
> > >  security updates? Have it checked by default but it at least
> > >  allows the user a choice.
> > > >...
> > > > My problem with the way things are currently done is that it's
> > > > not obvious to someone like my parents, who run Ubuntu, that
> > > > this feature exists. After switching my parents to Ubuntu the
> > > > only real complaint I heard from them is that the first time
> > > > they booted into Ubuntu there wasn't a "tour" window that
> > > > popped up for them.
> > > >...
> > > 
> > > Oh, but haven't you heard? Popping up windows by themselves is
> > > evil, apparently. ;-)
> > > 
> > > Now that the Updates Available window opens by itself, it may
> > > help for it to contain a checkbox for installing future updates
> > > by default.
> > 
> > May not be evil, but on my 400MHz cpu, it does severely limit any
> > further use of the computer until it finishes getting the updates.
> > It doesn't matter what I am doing, when the update manager opens, I
> > am stopped from further use of my computer until it quits getting
> > updates, and when there many, that can be 10 minutes or more. 
> 
> Are you referring to while it's just running, sitting there, waiting
> for you to say "ok, install the updates" or to while it's actually
> installing updates? 
> 
> 400MHz? And Ubuntu's usable?  I tried Ubuntu on a Pentium II, and I
> got tired of waiting 5 minutes for it get to the point where it would
> let me open the applications menu.
> 

Usable until the new Update Manager pops open and says: Checking for
updates! Then, no, it is not usable until it gets done checking (which
is to benefit me?). 

-- 
Charlie Kravetz 
Linux Registered User Number 425914  [http://counter.li.org/]
Never let anyone steal your DREAM.   [http://keepingdreams.com]

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Monday 06 April 2009 10:35:17 am Charlie Kravetz wrote:
> On Mon, 06 Apr 2009 12:25:07 +0100
> Matthew Paul Thomas  wrote:
> 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> > 
> > Erich Jansen wrote on 06/04/09 10:59:
> > >...
> >  Also, isn't this an option that could be added to Ubiquity? Like
> >  when you are filling in your user information we could have a
> >  checkbox that enables automatic installation of all security
> >  updates? Have it checked by default but it at least allows the
> >  user a choice.
> > >...
> > > My problem with the way things are currently done is that it's not 
> > > obvious to someone like my parents, who run Ubuntu, that this
> > > feature exists. After switching my parents to Ubuntu the only real
> > > complaint I heard from them is that the first time they booted into
> > > Ubuntu there wasn't a "tour" window that popped up for them.
> > >...
> > 
> > Oh, but haven't you heard? Popping up windows by themselves is evil,
> > apparently. ;-)
> > 
> > Now that the Updates Available window opens by itself, it may help for
> > it to contain a checkbox for installing future updates by default.
> 
> May not be evil, but on my 400MHz cpu, it does severely limit any
> further use of the computer until it finishes getting the updates. It
> doesn't matter what I am doing, when the update manager opens, I am
> stopped from further use of my computer until it quits getting updates,
> and when there many, that can be 10 minutes or more. 

Are you referring to while it's just running, sitting there, waiting for you 
to say "ok, install the updates" or to while it's actually installing updates? 

400MHz? And Ubuntu's usable?  I tried Ubuntu on a Pentium II, and I got tired 
of waiting 5 minutes for it get to the point where it would let me open the 
applications menu.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Charlie Kravetz]

On Mon, 06 Apr 2009 12:25:07 +0100
Matthew Paul Thomas  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Erich Jansen wrote on 06/04/09 10:59:
> >...
>  Also, isn't this an option that could be added to Ubiquity? Like
>  when you are filling in your user information we could have a
>  checkbox that enables automatic installation of all security
>  updates? Have it checked by default but it at least allows the
>  user a choice.
> >...
> > My problem with the way things are currently done is that it's not 
> > obvious to someone like my parents, who run Ubuntu, that this
> > feature exists. After switching my parents to Ubuntu the only real
> > complaint I heard from them is that the first time they booted into
> > Ubuntu there wasn't a "tour" window that popped up for them.
> >...
> 
> Oh, but haven't you heard? Popping up windows by themselves is evil,
> apparently. ;-)
> 
> Now that the Updates Available window opens by itself, it may help for
> it to contain a checkbox for installing future updates by default.
> 
> - --
> Matthew Paul Thomas
> http://mpt.net.nz/
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAknZ5o8ACgkQ6PUxNfU6ecpSaQCgtSK80AyaJicGHah6C6CdIChs
> JJ8AmQHIjnb2iiIqExmJVH4r15FGOn1q
> =qc78
> -END PGP SIGNATURE-
> 

May not be evil, but on my 400MHz cpu, it does severely limit any
further use of the computer until it finishes getting the updates. It
doesn't matter what I am doing, when the update manager opens, I am
stopped from further use of my computer until it quits getting updates,
and when there many, that can be 10 minutes or more. 

That should be considered BAD, at the very least.


-- 
Charlie Kravetz 
Linux Registered User Number 425914  [http://counter.li.org/]
Never let anyone steal your DREAM.   [http://keepingdreams.com]

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Charlie Kravetz]

On Mon, 06 Apr 2009 07:27:00 +0200
Jan Claeys  wrote:

> Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
> Morgan:
> > On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
> > > Actually, a running firefox shows you a warning and a restart
> > > button (or at least it did?) if it's older than the on-disk
> > > version.  I guess that's part of the ubufox extension?
> > 
> > Yes, it does, but um...that kinda sucks. "I, the computer, demand
> > that you, the user, stop what you are doing and restart your
> > browser NOW, losing all your work in the process.  This is not
> > optional.  I will barf if you try to continue with your work or
> > save it in any way, such as submitting that blog post you just
> > spent an hour writing."
> 
> Doesn't restarting preserve the form contents?  (I never really
> tried.)
> 
> Anyway there might be some issues with it indeed.  Maybe firefox
> updates should warn the users beforehand, somehow?  I'm not sure how
> that would work though.  Maybe delaying upgrades until shutdown *is*
> the right solution?
> 
> 

That won't work either. Firefox demands the restart even if you restart
the system. A simple "the system has been restarted" is not enough for
it. You still must restart firefox to get the warning to go away.

-- 
Charlie Kravetz 
Linux Registered User Number 425914  [http://counter.li.org/]
Never let anyone steal your DREAM.   [http://keepingdreams.com]

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Monday 06 April 2009 3:49:48 am Erich Jansen wrote:
> Mackenzie Morgan wrote:
> > On Monday 06 April 2009 3:22:10 am Erich Jansen wrote:
> >   
> >> Jan Claeys wrote:
> >> 
> >>> Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
> >>> Morgan:
> >>>   
> >>>   
>  On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
>  
>  
> > Actually, a running firefox shows you a warning and a restart button 
(or
> > at least it did?) if it's older than the on-disk version.  I guess
> > that's part of the ubufox extension?
> >   
> >   
>  Yes, it does, but um...that kinda sucks. "I, the computer, demand that 
>  
> > you, 
> >   
>  the user, stop what you are doing and restart your browser NOW, losing 
>  
> > all 
> >   
>  your work in the process.  This is not optional.  I will barf if you 
try 
>  
> > to 
> >   
>  continue with your work or save it in any way, such as submitting that 
>  
> > blog 
> >   
>  post you just spent an hour writing."
>  
>  
> >>> Doesn't restarting preserve the form contents?  (I never really tried.)
> >>>
> >>> Anyway there might be some issues with it indeed.  Maybe firefox updates
> >>> should warn the users beforehand, somehow?  I'm not sure how that would
> >>> work though.  Maybe delaying upgrades until shutdown *is* the right
> >>> solution?
> >>>
> >>>
> >>>   
> >>>   
> >> Yes it will preserve all your data for the restart. (just tried it out 
> >> in a VM)
> >> 
> >
> > Restarting FF keeps form contents too?  I thought it only kept the tab 
list.
> >
> >   
> Yeah, I tried it out with Wordpress. Load a VM image and try it out. 
> Mine was the default install of Firefox updated to 3.08 under Intrepid.

I don't remember it doing that, but if you say so.  Maybe that's one of the 
new Firefox 3 things.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

Felipe Figueiredo wrote:

> Remco escreveu:
>> Are there any problems with enabling automatic updates by default?
>> Most users don't care about updates to the point that they never
>> install them. And even if they would open the update manager, they
>>   
> Which is precisely why security should be *enforced* by the system.
> 
>> The way Microsoft does it, is that it asks (enabled by default) to
>> install updates on shutdown. I don't know how that would be better
>> than completely automatic updates.
>>   
> So, are you actually suggesting Ubuntu follows the way behind the *most*
> insecure OS in town?

"I don't know how that would be better..." - it looks like he's suggesting
we don't, if anything.

-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Andrew Barbaccia]

> Now that the Updates Available window opens by itself, it may help for
> it to contain a checkbox for installing future updates by default.
>
>
+1.

I would say keep the current update workflow but add a line about "click
here to automatically update in the future".
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Erich Jansen wrote on 06/04/09 10:59:
>...
 Also, isn't this an option that could be added to Ubiquity? Like
 when you are filling in your user information we could have a
 checkbox that enables automatic installation of all security
 updates? Have it checked by default but it at least allows the user
 a choice.
>...
> My problem with the way things are currently done is that it's not 
> obvious to someone like my parents, who run Ubuntu, that this feature 
> exists. After switching my parents to Ubuntu the only real complaint I 
> heard from them is that the first time they booted into Ubuntu there 
> wasn't a "tour" window that popped up for them.
>...

Oh, but haven't you heard? Popping up windows by themselves is evil,
apparently. ;-)

Now that the Updates Available window opens by itself, it may help for
it to contain a checkbox for installing future updates by default.

- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknZ5o8ACgkQ6PUxNfU6ecpSaQCgtSK80AyaJicGHah6C6CdIChs
JJ8AmQHIjnb2iiIqExmJVH4r15FGOn1q
=qc78
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Erich Jansen]

Matthew Paul Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Erich Jansen wrote on 06/04/09 08:29:
>   
>> ...
>> Also, isn't this an option that could be added to Ubiquity? Like when 
>> you are filling in your user information we could have a checkbox that 
>> enables automatic installation of all security updates? Have it checked 
>> by default but it at least allows the user a choice.
>> 
>
> There are two problems with adding any setting to the installer. First,
> it makes the installation process require more reading and more clicks.
> (For example, the "Who are you?" step you refer to is already crammed
> full and doesn't fit on some netbook screens, so adding anything more to
> it would mean splitting it into two steps.) Second, it makes people less
> likely to understand later that the setting can be changed without
> reinstalling.
>
> So in general, the installer should ask only things that are difficult
> to change later (or where a wrong assumption would have effects that are
> difficult to undo later).
>
> - --
> Matthew Paul Thomas
> http://mpt.net.nz/
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAknZyKkACgkQ6PUxNfU6ecrKnwCfbYWdlHJz4rRiMK6H9QMIQFtq
> y8YAoI72gGL6BonUtX+54olJbu9M2O2F
> =49Ec
> -END PGP SIGNATURE-
>
>   
My problem with the way things are currently done is that it's not 
obvious to someone like my parents, who run Ubuntu, that this feature 
exists. After switching my parents to Ubuntu the only real complaint I 
heard from them is that the first time they booted into Ubuntu there 
wasn't a "tour" window that popped up for them. It seems to me that a 
feature like this would be useful in solving this issue with updates and 
allow us to tackle a couple issues at once.

1. Users wouldn't feel lost the first time they saw their desktop.
2. We could cover some basic principles of desktop security. (i.e. 
automatic updates, configuring firewall..etc)

I know the help icon is in the panel, but for most of the people who I 
have switched to Ubuntu; it's just that icon they accidentally click on 
when trying to open Evolution.

I know I kind of went a bit off-topic. I think that the solution here is 
just making sure that users are well informed from the start and I think 
this idea provides a reasonable way to do that.

-- 
Erich Matthew Jansen
er...@stoptouchingmethere.com


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Erich Jansen wrote on 06/04/09 08:29:
>...
> Also, isn't this an option that could be added to Ubiquity? Like when 
> you are filling in your user information we could have a checkbox that 
> enables automatic installation of all security updates? Have it checked 
> by default but it at least allows the user a choice.

There are two problems with adding any setting to the installer. First,
it makes the installation process require more reading and more clicks.
(For example, the "Who are you?" step you refer to is already crammed
full and doesn't fit on some netbook screens, so adding anything more to
it would mean splitting it into two steps.) Second, it makes people less
likely to understand later that the setting can be changed without
reinstalling.

So in general, the installer should ask only things that are difficult
to change later (or where a wrong assumption would have effects that are
difficult to undo later).

- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknZyKkACgkQ6PUxNfU6ecrKnwCfbYWdlHJz4rRiMK6H9QMIQFtq
y8YAoI72gGL6BonUtX+54olJbu9M2O2F
=49Ec
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Martin Olsson wrote on 02/04/09 10:42:
> 
> Matthew Paul Thomas wrote:
>> 
>> We have not made any decisions about whether this program would be
>> based on PackageKit, Add/Remove Applications, Synaptic, or something
>> else, or written from scratch. We should first design what it will do
>> and how it will behave, then work out how to implement it.
> 
> As you now doubt have heard numerous times already, if we could ever
> get to a consistent interface between RPM / DEB based distros that
> would be a gigantic win for Linux overall. For some extent I therefore
> think Canonical should have at least a small packagekit bias, should
> all the available options be _roughly_ equivalent.

It's not a matter of Canonical (or anyone else) having a "bias". It's a
matter of measuring benefits against costs. For example, if PackageKit
makes it easier for third-party applications to request the installation
of software components on the fly, that would be a benefit. Conversely,
if PackageKit unavoidably makes progress feedback worse, or makes change
queueing less practical to implement, that's a cost.

>...
> The "new updates available" screen doesn't tell the user which ones
> are critical/security updates.
>...
> Popularity stats should not be skewed by "default installs" so I don't
> think it should be based straight on popcon (maybe it should be
> weighted against some list of default installed apps or something).
>...

Added to the wiki page, thanks.

> I think the terms "Ubuntu Software" and "Partner Software" is a bit
> unclear. It sounds like the partner software is not Ubuntu software? I
> guess you are referring to Canonical Maintained apps but I don't have
> a better name for it.

It's referring to Canonical's Partner repository.


> Why is "Fonts" it's own top-level item next to "Ubuntu Software"?

Because presenting fonts as software packages makes little sense. (I
understand that argument could be made for other types of data too.)

> I see that the "Description" field for each update is working properly
> in your mockup. I really hope that you will list that as a explicitly
> feature and make sure it "just works".
>...

Added to the wiki page.

Thanks
- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknZxsIACgkQ6PUxNfU6ecqvEACghPI4a/KUGbkAzYUXDfEJl5Oh
WPoAn1sgqNtCwFoFzR/MmTVAkeg0jq9p
=y0HI
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[James Westby]

On Mon, 2009-04-06 at 07:27 +0200, Jan Claeys wrote:
>  Maybe delaying upgrades until shutdown *is* the right
> solution?

There are a couple of other issues with that.

  1. The upgrades may need some feedback from the user, but the user has
 just declared that they would like to leave the computer.

  2. What do you do if the upgrade fails? The system is in an
 inconsistent state, so immediately rebooting may not be wise,
 but the computer was instructed to reboot, so staying on would
 be surprising.

Thanks,

James


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Vincenzo Ciancia]

Il giorno dom, 05/04/2009 alle 22.45 +0200, Remco ha scritto:
> 
> Are there any problems with enabling automatic updates by default?
> Most users don't care about updates to the point that they never
> install them.

I think that one of the aspects is the following: as an update may
*always* create a problem, it is necessary to let the user aware of a
possible change, so that when he tries (or asks others to try) to solve
the problem he has a possible cause-effect relationship. 

Vincenzo


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Erich Jansen]

Mackenzie Morgan wrote:
> On Monday 06 April 2009 3:22:10 am Erich Jansen wrote:
>   
>> Jan Claeys wrote:
>> 
>>> Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
>>> Morgan:
>>>   
>>>   
 On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
 
 
> Actually, a running firefox shows you a warning and a restart button (or
> at least it did?) if it's older than the on-disk version.  I guess
> that's part of the ubufox extension?
>   
>   
 Yes, it does, but um...that kinda sucks. "I, the computer, demand that 
 
> you, 
>   
 the user, stop what you are doing and restart your browser NOW, losing 
 
> all 
>   
 your work in the process.  This is not optional.  I will barf if you try 
 
> to 
>   
 continue with your work or save it in any way, such as submitting that 
 
> blog 
>   
 post you just spent an hour writing."
 
 
>>> Doesn't restarting preserve the form contents?  (I never really tried.)
>>>
>>> Anyway there might be some issues with it indeed.  Maybe firefox updates
>>> should warn the users beforehand, somehow?  I'm not sure how that would
>>> work though.  Maybe delaying upgrades until shutdown *is* the right
>>> solution?
>>>
>>>
>>>   
>>>   
>> Yes it will preserve all your data for the restart. (just tried it out 
>> in a VM)
>> 
>
> Restarting FF keeps form contents too?  I thought it only kept the tab list.
>
>   
Yeah, I tried it out with Wordpress. Load a VM image and try it out. 
Mine was the default install of Firefox updated to 3.08 under Intrepid.

-- 
Erich Matthew Jansen
er...@stoptouchingmethere.com


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Monday 06 April 2009 3:22:10 am Erich Jansen wrote:
> Jan Claeys wrote:
> > Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
> > Morgan:
> >   
> >> On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
> >> 
> >>> Actually, a running firefox shows you a warning and a restart button (or
> >>> at least it did?) if it's older than the on-disk version.  I guess
> >>> that's part of the ubufox extension?
> >>>   
> >> Yes, it does, but um...that kinda sucks. "I, the computer, demand that 
you, 
> >> the user, stop what you are doing and restart your browser NOW, losing 
all 
> >> your work in the process.  This is not optional.  I will barf if you try 
to 
> >> continue with your work or save it in any way, such as submitting that 
blog 
> >> post you just spent an hour writing."
> >> 
> >
> > Doesn't restarting preserve the form contents?  (I never really tried.)
> >
> > Anyway there might be some issues with it indeed.  Maybe firefox updates
> > should warn the users beforehand, somehow?  I'm not sure how that would
> > work though.  Maybe delaying upgrades until shutdown *is* the right
> > solution?
> >
> >
> >   
> Yes it will preserve all your data for the restart. (just tried it out 
> in a VM)

Restarting FF keeps form contents too?  I thought it only kept the tab list.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Erich Jansen]

Erich Jansen wrote:
> Jan Claeys wrote:
>   
>> Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
>> Morgan:
>>   
>> 
>>> On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
>>> 
>>>   
 Actually, a running firefox shows you a warning and a restart button (or
 at least it did?) if it's older than the on-disk version.  I guess
 that's part of the ubufox extension?
   
 
>>> Yes, it does, but um...that kinda sucks. "I, the computer, demand that you, 
>>> the user, stop what you are doing and restart your browser NOW, losing all 
>>> your work in the process.  This is not optional.  I will barf if you try to 
>>> continue with your work or save it in any way, such as submitting that blog 
>>> post you just spent an hour writing."
>>> 
>>>   
>> Doesn't restarting preserve the form contents?  (I never really tried.)
>>
>> Anyway there might be some issues with it indeed.  Maybe firefox updates
>> should warn the users beforehand, somehow?  I'm not sure how that would
>> work though.  Maybe delaying upgrades until shutdown *is* the right
>> solution?
>>
>>
>>   
>> 
> Yes it will preserve all your data for the restart. (just tried it out 
> in a VM)
>
> --
> Erich Matthew Jansen
> er...@stoptouchingmethere.com
>
>   
Also, isn't this an option that could be added to Ubiquity? Like when 
you are filling in your user information we could have a checkbox that 
enables automatic installation of all security updates? Have it checked 
by default but it at least allows the user a choice.

-- 
Erich Matthew Jansen
er...@stoptouchingmethere.com


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Erich Jansen]

Jan Claeys wrote:
> Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
> Morgan:
>   
>> On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
>> 
>>> Actually, a running firefox shows you a warning and a restart button (or
>>> at least it did?) if it's older than the on-disk version.  I guess
>>> that's part of the ubufox extension?
>>>   
>> Yes, it does, but um...that kinda sucks. "I, the computer, demand that you, 
>> the user, stop what you are doing and restart your browser NOW, losing all 
>> your work in the process.  This is not optional.  I will barf if you try to 
>> continue with your work or save it in any way, such as submitting that blog 
>> post you just spent an hour writing."
>> 
>
> Doesn't restarting preserve the form contents?  (I never really tried.)
>
> Anyway there might be some issues with it indeed.  Maybe firefox updates
> should warn the users beforehand, somehow?  I'm not sure how that would
> work though.  Maybe delaying upgrades until shutdown *is* the right
> solution?
>
>
>   
Yes it will preserve all your data for the restart. (just tried it out 
in a VM)

--
Erich Matthew Jansen
er...@stoptouchingmethere.com

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op maandag 06-04-2009 om 00:43 uur [tijdzone -0400], schreef Mackenzie
Morgan:
> On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
> > Actually, a running firefox shows you a warning and a restart button (or
> > at least it did?) if it's older than the on-disk version.  I guess
> > that's part of the ubufox extension?
> 
> Yes, it does, but um...that kinda sucks. "I, the computer, demand that you, 
> the user, stop what you are doing and restart your browser NOW, losing all 
> your work in the process.  This is not optional.  I will barf if you try to 
> continue with your work or save it in any way, such as submitting that blog 
> post you just spent an hour writing."

Doesn't restarting preserve the form contents?  (I never really tried.)

Anyway there might be some issues with it indeed.  Maybe firefox updates
should warn the users beforehand, somehow?  I'm not sure how that would
work though.  Maybe delaying upgrades until shutdown *is* the right
solution?


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Sunday 05 April 2009 11:55:10 pm Jan Claeys wrote:
> Op zondag 05-04-2009 om 17:10 uur [tijdzone -0400], schreef Mackenzie
> Morgan:
> > The only trouble is that some updates stop services.  Hal may need to
> > be restarted, and if Firefox isn't restarted after an update it breaks
> > royally.
> 
> Actually, a running firefox shows you a warning and a restart button (or
> at least it did?) if it's older than the on-disk version.  I guess
> that's part of the ubufox extension?

Yes, it does, but um...that kinda sucks. "I, the computer, demand that you, 
the user, stop what you are doing and restart your browser NOW, losing all 
your work in the process.  This is not optional.  I will barf if you try to 
continue with your work or save it in any way, such as submitting that blog 
post you just spent an hour writing."

Riight...because that's *really* user-friendly.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[John McCabe-Dansted]

On Mon, Apr 6, 2009 at 5:10 AM, Mackenzie Morgan  wrote:
>> Are there any problems with enabling automatic updates by default?
>> Most users don't care about updates to the point that they never
>> install them. And even if they would open the update manager, they
>> would more likely just install all updates than select the updates
>> they want. Hell, that's the way I work! How many people actually
>> benefit from any interaction with the update manager?

We may not want to automatically install updates when on a mobile
connection that charges "just a few cents per kilobyte".

> The only trouble is that some updates stop services.  Hal may need to be
> restarted,

If we wait till the computer is idle, how likely is this to cause your
average desktop user any problems?

> and if Firefox isn't restarted after an update it breaks royally.

Perhaps this could be considered a bug? I can see a few ways of fixing this
1) leave the previous version of Firefox installed, or
2) improve Firefox session management so that we can safely restart it
automatically (on idle).
3) change Firefox so it doesn't break so badly.

(Another suggestion was to only install updates on restart. However
this would slow down restart times, and wouldn't help users who do not
restart their computers)

-- 
John C. McCabe-Dansted
PhD Student
University of Western Australia

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op zondag 05-04-2009 om 22:45 uur [tijdzone +0200], schreef Remco:
> Are there any problems with enabling automatic updates by default?

I'd suggest, if we implement this, that automatic (security) updates are
*ALWAYS* delayed until something like 24h-36h after the release.  That
gives us the time to block updates that contain serious bugs (like
breaking X or such).

24h after the release of a security patch in Ubuntu is on average still
at least 14 days before the release of a similar patch in Windows...  ;)


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op zondag 05-04-2009 om 17:10 uur [tijdzone -0400], schreef Mackenzie
Morgan:
> The only trouble is that some updates stop services.  Hal may need to
> be restarted, and if Firefox isn't restarted after an update it breaks
> royally.

Actually, a running firefox shows you a warning and a restart button (or
at least it did?) if it's older than the on-disk version.  I guess
that's part of the ubufox extension?


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Evan]

On Sun, Apr 5, 2009 at 6:07 PM, Felipe Figueiredo wrote:

> Remco escreveu:
> > Are there any problems with enabling automatic updates by default?
> > Most users don't care about updates to the point that they never
> > install them. And even if they would open the update manager, they
> >
> Which is precisely why security should be *enforced* by the system.
>
> > The way Microsoft does it, is that it asks (enabled by default) to
> > install updates on shutdown. I don't know how that would be better
> > than completely automatic updates.
> >
> So, are you actually suggesting Ubuntu follows the way behind the *most*
> insecure OS in town?
>
> Don't even get me started on how broken Microsoft is about security.
> Ubuntu should definitely *not* follow *their* way of doing things,
> security-wise.


Just because Windows is considered insecure, doesn't mean it doesn't contain
some good ideas.

I would like to see at least security updates installed by default, but we
would have to find a way to do it without interrupting the users work.
Shutdown seems the most obvious place to do this.

Just my two cents,
Evan
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Felipe Figueiredo]

Remco escreveu:
> Are there any problems with enabling automatic updates by default?
> Most users don't care about updates to the point that they never
> install them. And even if they would open the update manager, they
>   
Which is precisely why security should be *enforced* by the system.

> The way Microsoft does it, is that it asks (enabled by default) to
> install updates on shutdown. I don't know how that would be better
> than completely automatic updates.
>   
So, are you actually suggesting Ubuntu follows the way behind the *most*
insecure OS in town?

Don't even get me started on how broken Microsoft is about security.
Ubuntu should definitely *not* follow *their* way of doing things,
security-wise.

regards
FF


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Sunday 05 April 2009 4:45:38 pm Remco wrote:
> On Sun, Apr 5, 2009 at 9:29 PM, Mackenzie Morgan  wrote:
> > There's already an option in System -> Administration -> Software sources 
to
> > have updates installed automatically.  There's also cron (the reason my 
mom's
> > computer gets updates at all).
> 
> Are there any problems with enabling automatic updates by default?
> Most users don't care about updates to the point that they never
> install them. And even if they would open the update manager, they
> would more likely just install all updates than select the updates
> they want. Hell, that's the way I work! How many people actually
> benefit from any interaction with the update manager?

The only trouble is that some updates stop services.  Hal may need to be 
restarted, and if Firefox isn't restarted after an update it breaks royally.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Evan Murphy]

2009/4/5 Remco 

> On Sun, Apr 5, 2009 at 9:29 PM, Mackenzie Morgan 
> wrote:
> > There's already an option in System -> Administration -> Software sources
> to
> > have updates installed automatically.  There's also cron (the reason my
> mom's
> > computer gets updates at all).
>
> Are there any problems with enabling automatic updates by default?
> Most users don't care about updates to the point that they never
> install them. And even if they would open the update manager, they
> would more likely just install all updates than select the updates
> they want. Hell, that's the way I work! How many people actually
> benefit from any interaction with the update manager?
>
> The way Microsoft does it, is that it asks (enabled by default) to
> install updates on shutdown. I don't know how that would be better
> than completely automatic updates.
>
> Remco
>

I'm inclined to think automatic updates would be a more fitting default for
Ubuntu as well.

Evan
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Evan Murphy]

2009/4/5 Remco 

> On Sun, Apr 5, 2009 at 9:29 PM, Mackenzie Morgan 
> wrote:
> > There's already an option in System -> Administration -> Software sources
> to
> > have updates installed automatically.  There's also cron (the reason my
> mom's
> > computer gets updates at all).
>
> Are there any problems with enabling automatic updates by default?
> Most users don't care about updates to the point that they never
> install them. And even if they would open the update manager, they
> would more likely just install all updates than select the updates
> they want. Hell, that's the way I work! How many people actually
> benefit from any interaction with the update manager?
>
> The way Microsoft does it, is that it asks (enabled by default) to
> install updates on shutdown. I don't know how that would be better
> than completely automatic updates.
>
> Remco
>

I'm inclined to think automatic updates would be a more fitting default for
Ubuntu as well.

Evan
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Remco]

On Sun, Apr 5, 2009 at 9:29 PM, Mackenzie Morgan  wrote:
> There's already an option in System -> Administration -> Software sources to
> have updates installed automatically.  There's also cron (the reason my mom's
> computer gets updates at all).

Are there any problems with enabling automatic updates by default?
Most users don't care about updates to the point that they never
install them. And even if they would open the update manager, they
would more likely just install all updates than select the updates
they want. Hell, that's the way I work! How many people actually
benefit from any interaction with the update manager?

The way Microsoft does it, is that it asks (enabled by default) to
install updates on shutdown. I don't know how that would be better
than completely automatic updates.

Remco

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Sunday 05 April 2009 7:15:20 am John McCabe-Dansted wrote:
> Still, an overnight auto-update seems like a sensible default for
> novice users who don't need or want to know what an update is. This is
> what I set my computer too when I am overseas and leave my computer on
> for family to use.

There's already an option in System -> Administration -> Software sources to 
have updates installed automatically.  There's also cron (the reason my mom's 
computer gets updates at all).

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matt Wheeler]

2009/4/5 John McCabe-Dansted :

Adding something like
  %sudo ALL=NOPASSWD: aptitude update
to the sudoers gives almost the right rights. If there is no user
input into aptitude, then this does not add any new such security
holes.


/usr/bin/aptitude would be safer, but yes.


However, Update-manager allows the user to unselect updates. So to
allow non-root users to do a selective upgrade, we'd have to pass in
the packages to update, running a risk that these package names are
malicious and cause Update-manager to do something bad. I imagine this
risk could be made quite small


What I'm talking about is unknown security holes, which unfortunately lots of 
apps seem to have. Is the risk of any being present sufficiently small?
Does using sudo rather than suid bit have any advantages security wise (apart 
from the obvious limits on which users can run the program)?


Still, an overnight auto-update seems like a sensible default for
novice users who don't need or want to know what an update is. This is
what I set my computer too when I am overseas and leave my computer on
for family to use.


I agree, I think automatic updates are a good idea in general.
Perhaps there are ways of getting around the issues people have mentioned with 
updates stopping current processes from working properly? I don't know but it 
seems like that would mean changes to the way dpkg works (or at least some 
clever scheduling by apt(itude).


--
Matt Wheeler
m...@funkyhat.org



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[John McCabe-Dansted]

On Sun, Apr 5, 2009 at 1:23 AM, Matt Wheeler  wrote:
> 2009/4/4 Nils Kassube :
>>
>> If you don't trust update-manager you would have to check everything
>> after an update. I don't think anybody will do that even after
>> providing the password. Most users don't even know what to look for to
>> check the system.
>
> That's not the point I'm trying to make. Maybe it's not as big an issue as I
> think, but I meant if update-manager had any possibility of crashing then
> perhaps a malicious user/program could use it to escalate privilieges (I've
> personally found 1 or 2 root escalation bugs in GDM for example, how would
> we guarantee not to have the same problems here)?

Adding something like
   %sudo ALL=NOPASSWD: aptitude update
to the sudoers gives almost the right rights. If there is no user
input into aptitude, then this does not add any new such security
holes.

However, Update-manager allows the user to unselect updates. So to
allow non-root users to do a selective upgrade, we'd have to pass in
the packages to update, running a risk that these package names are
malicious and cause Update-manager to do something bad. I imagine this
risk could be made quite small

Still, an overnight auto-update seems like a sensible default for
novice users who don't need or want to know what an update is. This is
what I set my computer too when I am overseas and leave my computer on
for family to use.

-- 
John C. McCabe-Dansted
PhD Student
University of Western Australia

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matt Wheeler]

2009/4/4 Nils Kassube :

If you don't trust update-manager you would have to check everything
after an update. I don't think anybody will do that even after
providing the password. Most users don't even know what to look for to
check the system.


That's not the point I'm trying to make. Maybe it's not as big an issue as I 
think, but I meant if update-manager had any possibility of crashing then 
perhaps a malicious user/program could use it to escalate privilieges (I've 
personally found 1 or 2 root escalation bugs in GDM for example, how would we 
guarantee not to have the same problems here)?


--
Matt Wheeler
m...@funkyhat.org



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Nils Kassube]

Matt Wheeler wrote:
> but can we trust update-manager not to break and give someone 
> privileges they shouldn't have? I don't know, maybe we can, I just
> think it's worth being very careful about it.

If you don't trust update-manager you would have to check everything 
after an update. I don't think anybody will do that even after 
providing the password. Most users don't even know what to look for to 
check the system.


Nils

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matt Wheeler]

2009/4/4 Remco :
> That's a different idea though. My idea is that having to provide a
> password is an unnecessary hurdle to people. Why must a password be
> provided to start the update process? A policy could be made to allow
> the update manager to do its thing without passwords.

Unless I'm mistaken update-manager would have to be rock-solid
security wise in that case. By it's nature it needs write access to
every file (at least every file outside of /home), and ability to stop
and start running processes in order to work properly (so setuid root,
right?).

I think if it were practical that would be a good move, as long as all
archives are signed I don't think much can go wrong on that side of
it, but can we trust update-manager not to break and give someone
privileges they shouldn't have? I don't know, maybe we can, I just
think it's worth being very careful about it.

-- 
Matt Wheeler
m...@funkyhat.org

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Remco]

2009/4/3 (``-_-´´) -- BUGabundo :
> Olá Remco e a todos.
>
> On Thursday 02 April 2009 14:12:00 Remco wrote:
>> One wishlist idea I have is that updates can be installed without having to 
>> provide a password.
>
> There's a public wishbug to allow Security Updates to be auto-installed, as 
> an option available on OEM,regular installer an on Software Properties, under 
> the tab Updates.
> I dont believe that regular updates should be auto installed, because it 
> could lead to more regressions.

That's a different idea though. My idea is that having to provide a
password is an unnecessary hurdle to people. Why must a password be
provided to start the update process? A policy could be made to allow
the update manager to do its thing without passwords.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[(``-_-´´) -- BUGabundo]

Olá Remco e a todos.

On Thursday 02 April 2009 14:12:00 Remco wrote:
> One wishlist idea I have is that updates can be installed without having to 
> provide a password.

There's a public wishbug to allow Security Updates to be auto-installed, as an 
option available on OEM,regular installer an on Software Properties, under the 
tab Updates.
I dont believe that regular updates should be auto installed, because it could 
lead to more regressions.

-- 
Hi, I'm BUGabundo, and I am Ubuntu (whyubuntu.com)
(``-_-´´)   http://LinuxNoDEI.BUGabundo.net
Linux user #443786GPG key 1024D/A1784EBB
http://BUGabundo.net


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[(``-_-´´) -- BUGabundo]

Olá Matthew e a todos.

On Thursday 02 April 2009 09:47:32 Matthew Paul Thomas wrote:
> For example here, if measurement has shown that downloading on average
> takes 60% of the time and installing on average takes 40 % of the time,
> and you're installing updates where the downloading is 80 % complete and
> the installation is 10 % complete, the progress bar should be 60 % × 80
> % + 40 % × 10 % = 34 % full.

That will fail on one very simple example:
I can be connected on 2G network in one day, and on a 100mb/s one the next day.
The time to download the updates will be very very different, while the time to 
install them on the same HW would be ~ the same.
Plus many users/companies have local repos (mirrors, apt-cacher, squid).

-- 
Hi, I'm BUGabundo, and I am Ubuntu (whyubuntu.com)
(``-_-´´)   http://LinuxNoDEI.BUGabundo.net
Linux user #443786GPG key 1024D/A1784EBB
http://BUGabundo.net


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op donderdag 02-04-2009 om 11:42 uur [tijdzone +0200], schreef Martin
Olsson:
> The algorithm should focus on keeping both the network and the
> CPU/HDD at the highest possible utilization rate at all times.

This is extremely difficult to (pre-)calculate, because it's dependent
on CPU speed, hard disk & filesystem speeds, network speed & mirror
server speeds.  And some of these parameters may fluctuate/change
unpredictably too.


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op donderdag 02-04-2009 om 11:42 uur [tijdzone +0200], schreef Martin
Olsson:
> The "new updates available" screen doesn't tell the user which ones are 
> critical/security
> updates.

They are in a different section already, I think?  (But jaunty has no
real security updates, I guess.)

> Popularity stats should not be skewed by "default installs" so I don't think 
> it should be based
> straight on popcon (maybe it should be weighted against some list of default 
> installed apps
> or something). Right now it looks like gnome games is more popular than for 
> example
> freeciv/openarena/chromium which I have a hard time believing. Maybe more 
> people play
> gnome games (because they are installed by default) but if I go into 
> AppCenter looking
> for a cool new game that's very "popular", I'm probably looking for something 
> else.

I don't think it's all that important to "except" default installed
applications, but applications (especially those that aren't installed
by default) should be compared to other similar applications (e.g.
compare FPS-games to other FPS-games).

> Why is "Fonts" it's own top-level item next to "Ubuntu Software"?

I can see some point in that, especially if it would provide a way to
preview the fonts.  But I think similar things should exist for free
clipart, free photos, free music, etc.  ;)

> I see that the "Description" field for each update is working properly in 
> your mockup.
> I really hope that you will list that as a explicitly feature and make sure 
> it "just works".
> Today update-manager has a feature where it shows a description for each 
> update but
> that functionality very often just doesn't work.

Actually, it says there is no description yet but also gives you an URL
that points to the description that it said doesn't exist yet.



I suppose update-manager doesn't pull this info from launchpad directly
because that could easily result in an unintentional DDoS.

But like you say, this information should be made available to
update-manager (and the new app) *much* *much* faster.


-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

Martin Olsson wrote:

> Mackenzie Morgan wrote:
>> If you download and install everything that has 0 dependencies first,
>> then the ones that depend on those things, and on up the tree, it could
>> be doable. Except for cyclical dependencies. For those, you'd need to get
>> both downloaded before running dpkg on them.
> 
> Downloading everything with 0 dependencies first would be better than
> today but far from optimal. The algorithm should focus on keeping both the
> network and the CPU/HDD at the highest possible utilization rate at all
> times.
> 
> Another way would be an algorithm that considered the total number of
> bytes that needs to be downloaded for each package (the DEB itself plus
> all dependent DEBs) and then start with the one that has the least total
> size. This way you can start the installation as fast as possible.

Not bad, but I would intuitively suspect that means you'd end up getting all
the small stuff installed quickly and then wait for the big stuff.  Perhaps
what you really need to do is start with parallel gets for the largest
0-dependency file and the smallest.  Keep taking the next largest or
smallest as each pipe becomes available, and after downloading _each_ file,
recalculate whether any other package's dependencies have been met.
-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

Mackenzie Morgan wrote:

> On Wednesday 01 April 2009 3:34:06 pm Derek Broughton wrote:

>> No, he means "install" some packages while others are still downloading. 
>> I can see that being very advantageous to a dial-up user, but I wonder if
>> it can even be possible.
> 
> If you download and install everything that has 0 dependencies first, then
> the ones that depend on those things, and on up the tree, it could be
> doable. Except for cyclical dependencies. For those, you'd need to get
> both downloaded before running dpkg on them.
 
You could well be right - I've never been able to work out, from simple
observation of the output, what the ordering of downloads is (though
clearly it parallelizes downloads from different mirrors), but presumably
it has something to do with the way the dependencies are resolved, so I
suppose at least some of the necessary logic is already there.
-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Remco]

One wishlist idea I have is that updates can be installed without
having to provide a password. Installing updates must be as easy as
possible, because I often see that icon in other people's notification
area, with hundreds of updates available. They just don't really care.

Remco

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Martin Olsson]

Matthew Paul Thomas wrote:
> We have not made any decisions about whether this program would be based
> on PackageKit, Add/Remove Applications, Synaptic, or something else, or
> written from scratch. We should first design what it will do and how it
> will behave, then work out how to implement it.

As you now doubt have heard numerous times already, if we could ever get to a
consistent interface between RPM / DEB based distros that would be a gigantic
win for Linux overall. For some extent I therefore think Canonical should have 
at
least a small packagekit bias, should all the available options be _roughly_ 
equivalent.


I also have some feedback on the AppCenter spec (maybe there is something here 
you'd
want to note even though I hope you will measure all such things in a proper UX 
study).

The "new updates available" screen doesn't tell the user which ones are 
critical/security
updates. While the file size of the update is nice to know, it's probably more 
important
to have some icon that marks it as "really important". Windows update seems to 
have both
but they emphasize the "update importance" and just write out the filesize as a 
"FYI".

Popularity stats should not be skewed by "default installs" so I don't think it 
should be based
straight on popcon (maybe it should be weighted against some list of default 
installed apps
or something). Right now it looks like gnome games is more popular than for 
example
freeciv/openarena/chromium which I have a hard time believing. Maybe more 
people play
gnome games (because they are installed by default) but if I go into AppCenter 
looking
for a cool new game that's very "popular", I'm probably looking for something 
else.

I think the terms "Ubuntu Software" and "Partner Software" is a bit unclear. It 
sounds
like the partner software is not Ubuntu software? I guess you are referring to 
Canonical
Maintained apps but I don't have a better name for it.

Why is "Fonts" it's own top-level item next to "Ubuntu Software"?

I see that the "Description" field for each update is working properly in your 
mockup.
I really hope that you will list that as a explicitly feature and make sure it 
"just works".
Today update-manager has a feature where it shows a description for each update 
but
that functionality very often just doesn't work. One could argue that 
update-manager is
working properly and that it's the underlying infrastructure that doesn't work 
as it
should (for instance "aptitude changelog BLAH" very often doesn't work either) 
but the
end user doesn't care which app is broken and therefore I hope you will strech 
outside
of this new AppCenter UI and fix the _experience_ that is actually delivered to 
the end user.


Martin

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Martin Olsson]

Mackenzie Morgan wrote:
> If you download and install everything that has 0 dependencies first, then 
> the 
> ones that depend on those things, and on up the tree, it could be doable. 
> Except for cyclical dependencies. For those, you'd need to get both 
> downloaded 
> before running dpkg on them.

Downloading everything with 0 dependencies first would be better than today but
far from optimal. The algorithm should focus on keeping both the network and the
CPU/HDD at the highest possible utilization rate at all times.

Another way would be an algorithm that considered the total number of bytes 
that needs
to be downloaded for each package (the DEB itself plus all dependent DEBs) and 
then start
with the one that has the least total size. This way you can start the 
installation
as fast as possible.


Martin

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Evan wrote on 01/04/09 22:21:
> 
> On Wed, Apr 1, 2009 at 10:25 AM, Matthew Paul Thomas  > wrote:
>...
>>> The front end would display two progress bars, one for download and
>>> one for installation.
>>
>> Hopefully that isn't necessary. I shouldn't see two progress bars for
>> something that, from my point of view, is a single task.
> 
> I'm not so sure. If they are going to be happening in parallel, then
> they will have different % complete values. You could combine them, but
> I think that would jump around enough to be confusing.

Combining subtasks into a single non-jumping progress bar takes a bit of
developer effort, but the overall method is fairly simple. First, with a
variety of representative tasks on a variety of representative machines,
measure how long each subtask takes. Then take the average proportion of
the time taken by each subtask, and allocate that much of the progress
bar to the subtask. For greater accuracy, adjust the proportions
dynamically based on what the program knows at the start about the
subtasks of this particular task, and/or the time taken by previous
tasks on the same machine.

For example here, if measurement has shown that downloading on average
takes 60% of the time and installing on average takes 40 % of the time,
and you're installing updates where the downloading is 80 % complete and
the installation is 10 % complete, the progress bar should be 60 % × 80
% + 40 % × 10 % = 34 % full.

> As a note, I see two separate progress bars in Windows app installers
> all the time. For all I know this could be their usability issue, and
> not something to emulate, but I'm just saying that it is done.

Yes, we have higher standards. :-)

>...
>> It wouldn't be necessary to put the queue in a separate window. It
>> could be a viewable item in the main window, as it is in Miro for
>> example.
> 
> I hadn't even considered this, but it does make sense, especially if
> (as the blueprint suggests) there will be only one GUI for all four of
> the current ones, and thus no separate command sources to consider. If
> this becomes the case, I would ask for the ability to hide all but the
> install progress so that it doesn't take up as much screen space.
>...

Another good idea, thanks. I've added it to the wiki page.

Cheers
- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknUe6AACgkQ6PUxNfU6ecoxnwCfeOtYyEwSnrwyaRjc+GIkniZI
b+oAnjORkPyY3VxlBSNsPEWI9T6xc5fa
=IDhd
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Surfaz Gemon Meme wrote on 01/04/09 21:24:
> 
> Sorry but I do not understand you.
> 
> Why do you want to create new applications and not to improve and
> adopt PackageKit?

We have not made any decisions about whether this program would be based
on PackageKit, Add/Remove Applications, Synaptic, or something else, or
written from scratch. We should first design what it will do and how it
will behave, then work out how to implement it.

> I think it would be a good idea to start by replacing gnome-app for
> Packagekit. Let me explain, using PackageKit as an "easy" tool to
> install programs and Synpatic as the "advanced" tool of package
> management.

That Ubuntu ships with two gratuitously inconsistent tools for the same
general task is one of the worst problems with the current situation.
With rare exceptions, having "easy" and "advanced" tools for the same
task makes sense only for software companies that are charging different
prices for them.

- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknUdsIACgkQ6PUxNfU6ecrOxACgm+/zcE+K9IsJm5JeImSmctVp
xRQAoL5fUJE05RpJwMtzroFDbd5vTj/L
=61Py
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Wednesday 01 April 2009 3:34:06 pm Derek Broughton wrote:
> John Vivirito wrote:
> 
> > On 03/31/2009 06:19 PM, Evan wrote:
> >> While apt, synaptic, update-manager, and gnome-app-install all do decent
> >> jobs of providing front-ends for package management, there are a few
> >> issues and common feature requests which bear taking a look at. This is a
> >> strawman, so feel free to rip it apart as necessary.
> >> 
> >> PolicyKit
> >> Synaptic runs fully as root. Unless there is a specific reason not to,
> >> should it not be migrated to PolicyKit?
> >>
> > 
> > The reason they start up as root is because other than browsing the
> > packages is to install/remove and change repo settings. Most people that
> > browse packages will install at least one. I guess i don't get the idea.
> 
> I guess I can't parse your first sentence.  One reason why I stopped ever
> using synaptic is _because_ it runs full time as root, and locks the apt
> database.  10 years ago Corel Linux had a version of kpackage that only did
> what it had to as root, and kept the database locked as little as possible. 
> I spend at least twice as much time using package managers to browse, than
> to actually install.

KPackageKit is like that.

> >> Parallelism
> >> Starting the install process in parallel with the download process as
> >> soon as the first packages are finished downloading. (I got this idea
> >> from brainstorm, but I can no longer find the relevant idea.)
> > 
> > By this you mean being able to browse packages while upgrade/install
> > packages? Than start download of the packages you choose to
> > upgrade/install? 
> 
> No, he means "install" some packages while others are still downloading.  I
> can see that being very advantageous to a dial-up user, but I wonder if it
> can even be possible.

If you download and install everything that has 0 dependencies first, then the 
ones that depend on those things, and on up the tree, it could be doable. 
Except for cyclical dependencies. For those, you'd need to get both downloaded 
before running dpkg on them.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Jan Claeys]

Op woensdag 01-04-2009 om 15:25 uur [tijdzone +0100], schreef Matthew
Paul Thomas:
> > The front end would display two progress bars, one for download and one
> > for installation.
> 
> Hopefully that isn't necessary. I shouldn't see two progress bars for
> something that, from my point of view, is a single task.

*If* installing runs in parallel with downloading, then there should be
an indication that downloading is ready, so that people who pay their
internet per time unit can drop the connection.

-- 
Jan Claeys


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Derek Broughton]

John Vivirito wrote:

> On 03/31/2009 06:19 PM, Evan wrote:
>> While apt, synaptic, update-manager, and gnome-app-install all do decent
>> jobs of providing front-ends for package management, there are a few
>> issues and common feature requests which bear taking a look at. This is a
>> strawman, so feel free to rip it apart as necessary.
>> 
>> PolicyKit
>> Synaptic runs fully as root. Unless there is a specific reason not to,
>> should it not be migrated to PolicyKit?
>>
> 
> The reason they start up as root is because other than browsing the
> packages is to install/remove and change repo settings. Most people that
> browse packages will install at least one. I guess i don't get the idea.

I guess I can't parse your first sentence.  One reason why I stopped ever
using synaptic is _because_ it runs full time as root, and locks the apt
database.  10 years ago Corel Linux had a version of kpackage that only did
what it had to as root, and kept the database locked as little as possible. 
I spend at least twice as much time using package managers to browse, than
to actually install.

>> Parallelism
>> Starting the install process in parallel with the download process as
>> soon as the first packages are finished downloading. (I got this idea
>> from brainstorm, but I can no longer find the relevant idea.)
> 
> By this you mean being able to browse packages while upgrade/install
> packages? Than start download of the packages you choose to
> upgrade/install? 

No, he means "install" some packages while others are still downloading.  I
can see that being very advantageous to a dial-up user, but I wonder if it
can even be possible.
-- 
derek


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re : Looking at Package Management for Karmic or Karmic+1

[Paul Dufresne]

Someone said:
>One gigantic improvement would be downloading package deltas instead of >whole 
>.DEB files.
I care even more about doing that for apt-get update, than apt-get upgrade.
I am using a bit 56k, and I have seen in last few days that apt-get
update is part of cron.daily now.
I did not deactivated it yet, but I think to do it, because it is a
long process under 56k, and it make things go extremely slow while you
browse.
Better do that when you are away from keyboard.

But it should not be long to download the list of packages updated...
I think this is text files no?
Tools for text diff are there for so long.
You'd have to have many such diff files however...
diff for latest hour, latest 6 hours, latest day, latest 4 days... and
I would stop there.
(If it makes 1 week you did not update, better take the full files).

I can imagine that these diff for .deb could be a pression either on
hard disk space if you save them, either on CPU if you have to
calculate them before sending to the client.
But on the list of packages... for me it make a lot of sense.

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Evan]

On Wed, Apr 1, 2009 at 10:25 AM, Matthew Paul Thomas wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi Evan
>
> Evan wrote on 31/03/09 23:19:
> >
> > While apt, synaptic, update-manager, and gnome-app-install all do
> > decent jobs of providing front-ends for package management, there are
> > a few issues and common feature requests which bear taking a look at.
> > This is a strawman, so feel free to rip it apart as necessary.
>
> In Canonical's Design and User Experience team we've just (this morning)
> started tackling the issue of package management in general, so your
> message is excellently timed.
>

100% coincidence. Honest.


> > PolicyKit
> > Synaptic runs fully as root. Unless there is a specific reason not to,
> > should it not be migrated to PolicyKit?
> >
> > Queuing
> > The ability to start an install process, and then decide to queue
> > another app to install / update after the first is finished.
> >
> > Parallelism
> > Starting the install process in parallel with the download process as
> > soon as the first packages are finished downloading. (I got this idea
> > from brainstorm, but I can no longer find the relevant idea.)
>
> All good ideas. I've added them to
> .


Thank you. I didn't know it had a wiki blueprint already.

> I'm not sure what we ought to be changing or replacing, but I would
> > think we want to write a replacement for apt as the backend, and a
> > replacement for whatever provides the progress-bar in the GUI?
>
> We'd need to get into a lot more design detail before deciding anything
> as fundamental as whether apt needs replacing.
>

Agreed.

> The front end would display two progress bars, one for download and one
> > for installation.
>
> Hopefully that isn't necessary. I shouldn't see two progress bars for
> something that, from my point of view, is a single task.
>

I'm not so sure. If they are going to be happening in parallel, then they
will have different % complete values. You could combine them, but I think
that would jump around enough to be confusing.

As a note, I see two separate progress bars in Windows app installers all
the time. For all I know this could be their usability issue, and not
something to emulate, but I'm just saying that it is done.


> >   It would also display a queue of what's to come
> > (perhaps with little Xs to cancel something if you change your mind).
> > It would be a seperate window in it's own right,
>
> It wouldn't be necessary to put the queue in a separate window. It could
> be a viewable item in the main window, as it is in Miro for example.


I hadn't even considered this, but it does make sense, especially if (as the
blueprint suggests) there will be only one GUI for all four of the current
ones, and thus no separate command sources to consider. If this becomes the
case, I would ask for the ability to hide all but the install progress so
that it doesn't take up as much screen space.


On Wed, Apr 1, 2009 at 2:24 PM, Martin Olsson  wrote:

> One gigantic improvement would be downloading package deltas
> instead of whole .DEB files. I don't think this is necessarily that
> hard to do in a reliable fashion. I assume you already thought
> about that and it might be out of Ubuntu's scope (i.e. better
> developed separately and then integrated into Ubuntu once it's
> stable).
>

AFAIK this idea has been kicking around for years but nobody has ever really
gotten around to it. I agree that it is a bit out of scope (especially for
Karmic), but I would really like to see this implemented at some point. I
heard a rumour that upstream (debian) was looking at it, but nothing since.
Can anybody fill in a few more details here?

Another, much much simpler, feature request I have been thinking
> about is to make installing updates faster by letting the download
> and install parts run in parallel. With the current code I first
> see my network capacity being maxed out with CPU and HDD activity
> at nearly zero, then network activity stops and the machine starts
> to tax the CPU and harddrive. Once a package plus it's dependencies
> are downloaded, I don't see why that package cannot be allowed to
> start it's installation / upgrade while the rest of the packages
> are still being downloaded.
>

This is what I meant by "Paralellism" in my original post.

Evan
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Surfaz Gemon Meme]

Sorry but I do not understand you.

Why do you want to create new applications and not to improve and adopt
PackageKit?

I think it would be a good idea to start by replacing gnome-app for
Packagekit. Let me explain, using PackageKit as an "easy" tool to install
programs and Synpatic as the "advanced" tool of package management.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Martin Olsson]

One gigantic improvement would be downloading package deltas
instead of whole .DEB files. I don't think this is necessarily that
hard to do in a reliable fashion. I assume you already thought
about that and it might be out of Ubuntu's scope (i.e. better
developed separately and then integrated into Ubuntu once it's
stable).

Another, much much simpler, feature request I have been thinking
about is to make installing updates faster by letting the download
and install parts run in parallel. With the current code I first
see my network capacity being maxed out with CPU and HDD activity
at nearly zero, then network activity stops and the machine starts
to tax the CPU and harddrive. Once a package plus it's dependencies
are downloaded, I don't see why that package cannot be allowed to
start it's installation / upgrade while the rest of the packages
are still being downloaded.


Martin


Matthew Paul Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi Evan
> 
> Evan wrote on 31/03/09 23:19:
>> While apt, synaptic, update-manager, and gnome-app-install all do
>> decent jobs of providing front-ends for package management, there are
>> a few issues and common feature requests which bear taking a look at.
>> This is a strawman, so feel free to rip it apart as necessary.
> 
> In Canonical's Design and User Experience team we've just (this morning)
> started tackling the issue of package management in general, so your
> message is excellently timed.
> 
>> Modal Dialogues
>> All three of the GUIs currently use modal dialogues for the actual
>> download/install process, and this is considered a usability issue
>> AFAIK (I'm not a usability expert by any stretch of the imagination,
>> please correct me if I'm wrong).
> 
> You are quite correct: wherever a program has a modal progress window,
> it should be showing progress in the parent window instead. (See
> Thunderbird's "Sending Messages" and "Saving Messages" progress windows
> for more examples of how not to do it.)
> 
>>  I believe most people would like to
>> be able to continue browsing available applications, or reading
>> changelogs of updates while the packages are downloading and
>> installing.
> 
> Well, "most people" is debatable, but that's not a reason to make it
> impossible. It will just be a little tricky to implement.
> 
>> PolicyKit
>> Synaptic runs fully as root. Unless there is a specific reason not to,
>> should it not be migrated to PolicyKit?
>>
>> Queuing
>> The ability to start an install process, and then decide to queue
>> another app to install / update after the first is finished.
>>
>> Parallelism
>> Starting the install process in parallel with the download process as
>> soon as the first packages are finished downloading. (I got this idea
>> from brainstorm, but I can no longer find the relevant idea.)
> 
> All good ideas. I've added them to
> .
> 
>> I'm not sure what we ought to be changing or replacing, but I would
>> think we want to write a replacement for apt as the backend, and a
>> replacement for whatever provides the progress-bar in the GUI?
> 
> We'd need to get into a lot more design detail before deciding anything
> as fundamental as whether apt needs replacing.
> 
>> ...
>> The front end would display two progress bars, one for download and one
>> for installation.
> 
> Hopefully that isn't necessary. I shouldn't see two progress bars for
> something that, from my point of view, is a single task.
> 
>>   It would also display a queue of what's to come
>> (perhaps with little Xs to cancel something if you change your mind).
>> It would be a seperate window in it's own right,
> 
> It wouldn't be necessary to put the queue in a separate window. It could
> be a viewable item in the main window, as it is in Miro for example.
> 
>>  perhaps with the
>> ability to minize to tray.
>> ...
> 
> Unlikely. :-)
> 
> Thanks for your ideas. We'll be discussing this more in the coming
> weeks, so feel free to post more either here or on the wiki page.
> 
> Cheers
> - --
> Matthew Paul Thomas
> http://mpt.net.nz/
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAknTeVkACgkQ6PUxNfU6ecq3lQCgv4cvut4GjIrBJxxEv3S/cQcb
> DQ8AnRpHqD5rJLM+sh7H9kwPtY8N92pt
> =/hZp
> -END PGP SIGNATURE-
> 


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[George Farris]

On Tue, 2009-03-31 at 22:02 -0300, Felipe Figueiredo wrote:
> Evan escreveu:
> > While apt, synaptic, update-manager, and gnome-app-install all do
> > decent jobs of providing front-ends for package management, there are
> > a few issues and common feature requests which bear taking a look at.
> > This is a strawman, so feel free to rip it apart as necessary.
> 
> I miss the ability to check out changelogs from installed packages in
> synaptic. It would be useful to see it while offline, or for packages
> not in ubuntu (e.g., packages from medibuntu). The way it works now,
> it's mainly intended to check for what's changed before the user
> upgrades the package, since you have to download it each time, even if
> there's no newer pacakge.
> 

While we are at it, it would be nice to have an owner and permissions
database so one could reset to package install conditions or use it to
do integrity checks.

Cheers



-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Mackenzie Morgan]

On Wednesday 01 April 2009 6:02:38 am John Vivirito wrote:
> On 03/31/2009 06:19 PM, Evan wrote:
> > While apt, synaptic, update-manager, and gnome-app-install all do decent
> > jobs of providing front-ends for package management, there are a few 
issues
> > and common feature requests which bear taking a look at. This is a 
strawman,
> > so feel free to rip it apart as necessary.
> > 
> > PolicyKit
> > Synaptic runs fully as root. Unless there is a specific reason not to,
> > should it not be migrated to PolicyKit?
> >
> 
> The reason they start up as root is because other than browsing the
> packages is to install/remove and change repo settings. Most people that
> browse packages will install at least one. I guess i don't get the idea.

Until I learned about dpkg -l and apt-cache version, I looked in Synaptic to 
find out version numbers.  Until I learned about apt-cache search, I used 
Synaptic to find out package names to tell people to install.  I'd say browsing 
the packages to avoid those commands or due to ignorance of those commands is 
a normal thing for anyone that doesn't sit around reading dpkg and apt-cache's 
manpages for fun.

> > Modal Dialogues
> > All three of the GUIs currently use modal dialogues for the actual
> > download/install process, and this is considered a usability issue AFAIK
> > (I'm not a usability expert by any stretch of the imagination, please
> > correct me if I'm wrong). I believe most people would like to be able to
> > continue browsing available applications, or reading changelogs of updates
> > while the packages are downloading and installing.
> 
> What do you mean as a usability feature more so than "issue"

You can't run two apt-get commands at the same time, but you can certainly do 
apt-cache commands while an apt-get is running.  This'd be the equivalent.

> > Queuing
> > The ability to start an install process, and then decide to queue another
> > app to install / update after the first is finished.
> > 
> > Parallelism
> > Starting the install process in parallel with the download process as soon
> > as the first packages are finished downloading. (I got this idea from
> > brainstorm, but I can no longer find the relevant idea.)
> 
> By this you mean being able to browse packages while upgrade/install
> packages? Than start download of the packages you choose to upgrade/install?
> I dont remember off hand why we only let one apt/dpkg run at one time
> but it has been that way a long time IIRC.
> IMHO this idea can cause problems, example: It can cause corrupt
> files/links. Now I'm not sure how true this is If this is wrong please
> feel free to comment.

As above...two apt-get's can't run simultaneously, but "apt-get install foo ; 
apt-get install bar" is certainly valid.

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo


signature.asc
Description: This is a digitally signed message part.
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Matthew Paul Thomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Evan

Evan wrote on 31/03/09 23:19:
> 
> While apt, synaptic, update-manager, and gnome-app-install all do
> decent jobs of providing front-ends for package management, there are
> a few issues and common feature requests which bear taking a look at.
> This is a strawman, so feel free to rip it apart as necessary.

In Canonical's Design and User Experience team we've just (this morning)
started tackling the issue of package management in general, so your
message is excellently timed.

> Modal Dialogues
> All three of the GUIs currently use modal dialogues for the actual
> download/install process, and this is considered a usability issue
> AFAIK (I'm not a usability expert by any stretch of the imagination,
> please correct me if I'm wrong).

You are quite correct: wherever a program has a modal progress window,
it should be showing progress in the parent window instead. (See
Thunderbird's "Sending Messages" and "Saving Messages" progress windows
for more examples of how not to do it.)

>  I believe most people would like to
> be able to continue browsing available applications, or reading
> changelogs of updates while the packages are downloading and
> installing.

Well, "most people" is debatable, but that's not a reason to make it
impossible. It will just be a little tricky to implement.

> PolicyKit
> Synaptic runs fully as root. Unless there is a specific reason not to,
> should it not be migrated to PolicyKit?
> 
> Queuing
> The ability to start an install process, and then decide to queue
> another app to install / update after the first is finished.
> 
> Parallelism
> Starting the install process in parallel with the download process as
> soon as the first packages are finished downloading. (I got this idea
> from brainstorm, but I can no longer find the relevant idea.)

All good ideas. I've added them to
.

> I'm not sure what we ought to be changing or replacing, but I would
> think we want to write a replacement for apt as the backend, and a
> replacement for whatever provides the progress-bar in the GUI?

We'd need to get into a lot more design detail before deciding anything
as fundamental as whether apt needs replacing.

>...
> The front end would display two progress bars, one for download and one
> for installation.

Hopefully that isn't necessary. I shouldn't see two progress bars for
something that, from my point of view, is a single task.

>   It would also display a queue of what's to come
> (perhaps with little Xs to cancel something if you change your mind).
> It would be a seperate window in it's own right,

It wouldn't be necessary to put the queue in a separate window. It could
be a viewable item in the main window, as it is in Miro for example.

>  perhaps with the
> ability to minize to tray.
>...

Unlikely. :-)

Thanks for your ideas. We'll be discussing this more in the coming
weeks, so feel free to post more either here or on the wiki page.

Cheers
- --
Matthew Paul Thomas
http://mpt.net.nz/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknTeVkACgkQ6PUxNfU6ecq3lQCgv4cvut4GjIrBJxxEv3S/cQcb
DQ8AnRpHqD5rJLM+sh7H9kwPtY8N92pt
=/hZp
-END PGP SIGNATURE-

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[John Vivirito]

On 03/31/2009 06:19 PM, Evan wrote:
> While apt, synaptic, update-manager, and gnome-app-install all do decent
> jobs of providing front-ends for package management, there are a few issues
> and common feature requests which bear taking a look at. This is a strawman,
> so feel free to rip it apart as necessary.
> 
> PolicyKit
> Synaptic runs fully as root. Unless there is a specific reason not to,
> should it not be migrated to PolicyKit?
>

The reason they start up as root is because other than browsing the
packages is to install/remove and change repo settings. Most people that
browse packages will install at least one. I guess i don't get the idea.

> Modal Dialogues
> All three of the GUIs currently use modal dialogues for the actual
> download/install process, and this is considered a usability issue AFAIK
> (I'm not a usability expert by any stretch of the imagination, please
> correct me if I'm wrong). I believe most people would like to be able to
> continue browsing available applications, or reading changelogs of updates
> while the packages are downloading and installing.

What do you mean as a usability feature more so than "issue"

> Queuing
> The ability to start an install process, and then decide to queue another
> app to install / update after the first is finished.
> 
> Parallelism
> Starting the install process in parallel with the download process as soon
> as the first packages are finished downloading. (I got this idea from
> brainstorm, but I can no longer find the relevant idea.)

By this you mean being able to browse packages while upgrade/install
packages? Than start download of the packages you choose to upgrade/install?
I dont remember off hand why we only let one apt/dpkg run at one time
but it has been that way a long time IIRC.
IMHO this idea can cause problems, example: It can cause corrupt
files/links. Now I'm not sure how true this is If this is wrong please
feel free to comment.
-- 
Sincerely Yours,
John Vivirito

https://launchpad.net/~gnomefreak
https://wiki.ubuntu.com/JohnVivirito
Linux User# 414246

"How can i get lost, if i have no where to go"
-- Metallica from Unforgiven III



signature.asc
Description: OpenPGP digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Looking at Package Management for Karmic or Karmic+1

[Felipe Figueiredo]

Evan escreveu:
> While apt, synaptic, update-manager, and gnome-app-install all do
> decent jobs of providing front-ends for package management, there are
> a few issues and common feature requests which bear taking a look at.
> This is a strawman, so feel free to rip it apart as necessary.

I miss the ability to check out changelogs from installed packages in
synaptic. It would be useful to see it while offline, or for packages
not in ubuntu (e.g., packages from medibuntu). The way it works now,
it's mainly intended to check for what's changed before the user
upgrades the package, since you have to download it each time, even if
there's no newer pacakge.

regards
FF


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Looking at Package Management for Karmic or Karmic+1

[Evan]

While apt, synaptic, update-manager, and gnome-app-install all do decent
jobs of providing front-ends for package management, there are a few issues
and common feature requests which bear taking a look at. This is a strawman,
so feel free to rip it apart as necessary.

Modal Dialogues
All three of the GUIs currently use modal dialogues for the actual
download/install process, and this is considered a usability issue AFAIK
(I'm not a usability expert by any stretch of the imagination, please
correct me if I'm wrong). I believe most people would like to be able to
continue browsing available applications, or reading changelogs of updates
while the packages are downloading and installing.

PolicyKit
Synaptic runs fully as root. Unless there is a specific reason not to,
should it not be migrated to PolicyKit?

Queuing
The ability to start an install process, and then decide to queue another
app to install / update after the first is finished.

Parallelism
Starting the install process in parallel with the download process as soon
as the first packages are finished downloading. (I got this idea from
brainstorm, but I can no longer find the relevant idea.)

I'm not sure what we ought to be changing or replacing, but I would think we
want to write a replacement for apt as the backend, and a replacement for
whatever provides the progress-bar in the GUI?

The backend would accept regular apt-style commands, and would take care of:
- determining the optimal order for download to allow parallel download and
install
- seperating the download and install processes and running them in parallel
- queuing new commands separately by download and by install
 - if a new command requires a download, and the old command has
finished downloading, start the download for the new command right away even
if the old command is still installing
 - if a new command counters an old command that is still queued (eg
remove a package that hasn't actually been installed yet), remove both
commands from the queue.

The front end would display two progress bars, one for download and one for
installation. It would also display a queue of what's to come (perhaps with
little Xs to cancel something if you change your mind). It would be a
seperate window in it's own right, perhaps with the ability to minize to
tray.

This means that you could:
1. open update-manager
2. open gnome-app-install
3. start an update with update-manager
4. start installing an app with gnome-app-install
5. read the changelogs for the updates in update-manager
6. close update-manager
7. browse through other applications in gnome-app-install
8. close gnome-app-install
And through the entire process, the actual download/install would be
happening in an entirely seperate window, affected only by steps 3 and 4.


And that's the concept. Again, this is a strawman, so criticizm is welcome.

Evan
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss