FeatureSpecification: apt-third-party (resend)

Tristan Wibberley maihem at maihem.org
Fri Apr 7 22:07:52 BST 2006


Mail Delivery System wrote:
> ------ This is a copy of the message ------
> 
> Jerry Haltom wrote:
> 
>> The user doesn't see that it is from a repository that they trust. The
>> interface isn't that sophisticated. The interface is the same regardless
>> of the repository the .apt file points to: "You are installing software.
>> Don't do it unless you are sure. Etc."
> 
> That won't be enough; the user will think "I trust the website where the
> link was, so I can trust the software that will be installed." Which is
> totally wrong, since the website might not even control the contents of
> the stanza file, let alone whether there are any trojans in the
> repository it points at.
> 
>> Even if you install from a trusted repository, it still asks you if you
>> are sure. It doesn't hint that it's "trusted" already. There is no need
>> to.
> 
> As long as the repository doesn't get added to sources.list. apt-get,
> aptitude, and synaptic all use that and won't (and shouldn't) give a
> warning, since being in sources.list implies that the admin actually
> trusts it.
> 
>> I think all of your arguments are based on the assumption that the trust
>> of a repository is something we store and care about.
> 
> Yes, I did assume that the trust of a repository is something to care
> about, but now I feel like a fool.
> 
>> ThirdPartyApt
>> doesn't make any decisions about the existing trust of the repository.
>> It doesn't need to. It is for installing previously UNTRUSTED software.
>> At that point, we are talking about allowing the user to install
>> ANYTHING. Root level programs that can do ANYTHING.
> 
> The user should never install software that they don't trust, but the
> user will trust anything unless they can justify exactly *why* they
> shouldn't be trusting it. That means you have to provide a reasonably
> effective means of differentiating between something the user can trust
> and something the user can't. That means letting the user know exactly
> who he needs to trust to be able to trust the software and its
> installation. Otherwise you may as well not pop up the warning dialogue
> because the user will just click "Install Anyway".
> 




More information about the sounder mailing list