Fwd: "Download & Install" vs "Repositories & Synaptic" and the need for a new URI [Was: Re: Going forward [Re: Automatix?]]

[Tristan Wibberley]

Jason Taylor wrote:

>> I think such a click install thing should be able to just select
>> packages from pre-configured repositories, and should be able to
>> *request* temporary addition of repositories, with the client giving a
>> *big* fat warning for new packages to be installed, and an even
>> *bigger*, *fatter* warning for packages being replaced that were
>> initially installed from a repository with a different signature.

> Agreed except im not sure allowing temp reops is a good idea. I think
> telling the user they need to enable repo xyz and making the user do
> this process manualy would be the blocker for random software installs
> that people object to, as this would prevent the random malware
> plaugue everybody fears

But if you enable repo xyz in general you get the problem of it being
there for future installs unless you remember to remove it, then things
could break horribly if they change a package and you do an update.
Making this a one time use avoids that. But it is good enough for a start.

> This is similar to the way firefox treats extension installs, they
> fail by default unless the domain is on a whitelist.  Then the user
> must add to the white list before trying the install again.

There aren't many complex interdependencies in a firefox install. A
whole operating system, fine grained approach like debian and Ubuntu
follow is going to take more sophistication.

-- 
Tristan Wibberley