Matt Zimmerman wrote:
> Thanks for sharing your ideas with us in detail.  This is an idea which has
> been on many of our minds for some time, but no one had gotten around to
> prototyping it yet.
> 
> One concern that I have is that I feel it is important to ensure that
> applications and their dependencies are installed from the Ubuntu
> repositories wherever possible: if the application is available from Ubuntu,
> it should be installed from there, even if the user found it via a
> third-party website.  This ensures that it will receive official updates,
> and upgrade properly to the next release of Ubuntu, which is one of the
> great strengths of package management.
> 
> Of course, there will be applications which cannot be added to Ubuntu, and
> so third-party repositories are necessary, but they should be avoided where
> they are redundant, as they complicate maintenance and upgrades.
> 
> Does your design address this?

The creator of a One Click Installer installation file decides which
repository will be used. If the application is available in the Ubuntu
repository, I do not see why he would prefer to point to some
other repository.

Additionally, Ubuntu could make such a need void by providing prepackaged,
trusted installation files - only installation files signed using the Ubuntu
key are trusted by default by One Click Installer. Files signed with
an untrusted key are not installed, and files without a signature spawn
a warning and default to aborting installation. I have described the security
model in this e-mail:
https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2007-August/001385.html

So Ubuntu could just provide signed files for applications hosted in its
repository, signed with its key, for use by everyone else. The files would be
hosted on an Ubuntu server and everyone else (forum support people,
bloggers, journalists, ...) could just provide links to these files
instead of creating them on their own.

To give it a kick start, this could even be automated to create
installation files based on descriptions from the .deb files themselves.
Then they could be polished to provide a better user experience (provide
optional documentation installation, language packs, etc.).

        Krzysztof Lichota
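
The trust policy described in the message above, as an added example that is not part of the original e-mail or of One Click Installer's code. It assumes installation files carry OpenPGP signatures checked with `gpgv --status-fd` (the message names no mechanism); the fingerprints, status lines and function names are constructed for illustration.

```python
from enum import Enum

class Decision(Enum):
    INSTALL = "install"
    REFUSE = "refuse"                   # signed, but not verifiably by a trusted key
    WARN_DEFAULT_ABORT = "warn+abort"   # unsigned: warn, abort unless overridden

# Constructed placeholder fingerprints, not real keys.
TRUSTED_FPR = "A" * 40
OTHER_FPR = "C" * 40
TRUSTED_FINGERPRINTS = {TRUSTED_FPR}
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def valid_status(fpr):
    """Constructed gpgv status output for a good signature made by key fpr."""
    return ("[GNUPG:] GOODSIG %s Example Signer\n" % fpr[-16:] +
            "[GNUPG:] VALIDSIG %s 2007-08-01 1185926400 0 4 0 1 2 00 %s\n" % (fpr, fpr))

# Constructed status output for a signature whose key is not in the keyring.
UNKNOWN_KEY_STATUS = ("[GNUPG:] ERRSIG BBBBBBBBBBBBBBBB 1 2 00 1185926400 9\n"
                      "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB\n")

def parse_status(text):
    """Return (keyword, args) pairs from gpgv --status-fd output."""
    events = []
    for line in text.splitlines():
        if line.startswith("[GNUPG:] "):
            parts = line.split()[1:]
            if parts:
                events.append((parts[0], parts[1:]))
    return events

def decide(has_signature, status_text="", user_confirms=False):
    if not has_signature:
        # Unsigned: warn; the default answer is to abort.
        return Decision.INSTALL if user_confirms else Decision.WARN_DEFAULT_ABORT
    events = parse_status(status_text)
    if any(k in FAILURE_KEYWORDS for k, _ in events):
        return Decision.REFUSE  # user confirmation cannot override this
    # Pin on the primary-key fingerprint (10th VALIDSIG field) when present.
    signers = [a[9] if len(a) >= 10 else a[0]
               for k, a in events if k == "VALIDSIG" and a]
    if signers and all(f in TRUSTED_FINGERPRINTS for f in signers):
        return Decision.INSTALL
    return Decision.REFUSE  # fail closed: no verified trusted signer
```

Note the asymmetry the message describes: an unsigned file can still be installed after an explicit override, while a file signed by an untrusted key is refused outright.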




