Custom web browser protocol to install from apt-get

[Matthew East]

On Sun, 2006-03-19 at 13:45 +0000, Tristan Wibberley wrote:
> John McCabe-Dansted wrote:
> >> Oh yes, but security is a big issue, at the moment people just install
> >> from the preconfigured repositories, with such an easy way to install,
> >> people will happily click yes. This should be made to scare bucketloads
> >> of poo from users if they are about to install packages from an
> >> untrusted source.
> > 
> > How safe are the other official repositories? E.g. Universe,
> > Multiverse and Backports?
> 
> They are maintained by the MOTUs (I don't know about backports - but I 
> think that one should be left for more experienced users) and they are 
> signed with the ftpmaster private key.

Backports packages are also signed. However, they may not be as reliable
as universe/multiverse packages because they essentially use the source
from the unstable version of the distribution. It is basically just like
getting a package from dapper (or when dapper is stable, from dapper+1).

> > These are not preconfigured, but it would be
> > nice if there was a nice easy way to let a user install packages from
> > these repositories from a web interface. I guess the main danger is
> > funny cruft in the control.tar.
> 
> I think the only thing that could be done for dapper (and might be too 
> much even then), is to install a script like the one in the dvdread 
> package, and put instructions on the web saying:

There is already a graphical tool which permits a user to add these
sources. Click System -> Administration -> Software Properties.
Alternatively, Synaptic has such a facility.

Matt
-- 
mdke at ubuntu.com
gnupg pub 1024D/0E6B06FF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/sounder/attachments/20060319/1c402489/attachment-0001.pgp