On Wed, Aug 08, 2007 at 04:58:21PM +0200, Krzysztof Lichota wrote: > Matt Zimmerman napisał(a): > > On Tue, Aug 07, 2007 at 09:57:42PM +0200, Krzysztof Lichota wrote: > >> Matt Zimmerman napisał(a): > >>> This provides the experience of locating the software on the web while > >>> retaining the security and maintenance characteristics of the distribution > >>> model. > >> This is the approach of apt:// protocol. It is not extensible and it > >> will not make Ubuntu competitive to rich software ecosystem of Windows. > >> There _must_ be the way for third party software creators to publish > >> their software easily. Otherwise they will not be interested in creating > >> their apps for Linux. > > > > The two are not mutually exclusive, and an ideal solution would incorporate > > both. > > One Click Installer can be used for both, providing trusted, signed > installation files signed by Ubuntu and providing unsigned files for > third party developers.
It is not a question of whether the file is signed or not; it is a different abstraction. One is "install package X from repository Y". (One Click seems to do this, from your description) The other is "install package X from your existing, configured repositories" (this is like apt:// and similar ideas) The key difference is that in the latter case, the metadata does not supply a repository, and there should be (notably) none of the usual security issues, regardless of whether the metadata is authenticated. -- - mdz -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss