Custom web browser protocol to install from apt-get

Tristan Wibberley maihem at maihem.org
Sun Mar 19 14:04:21 GMT 2006 

Matthew East wrote:
> On Sun, 2006-03-19 at 13:45 +0000, Tristan Wibberley wrote:
>> John McCabe-Dansted wrote:
>>>> Oh yes, but security is a big issue, at the moment people just install
>>>> from the preconfigured repositories, with such an easy way to install,
>>>> people will happily click yes. This should be made to scare bucketloads
>>>> of poo from users if they are about to install packages from an
>>>> untrusted source.
>>> How safe are the other official repositories? E.g. Universe,
>>> Multiverse and Backports?
>> They are maintained by the MOTUs (I don't know about backports - but I 
>> think that one should be left for more experienced users) and they are 
>> signed with the ftpmaster private key.
> 
> Backports packages are also signed. However, they may not be as reliable
> as universe/multiverse packages because they essentially use the source
> from the unstable version of the distribution. It is basically just like
> getting a package from dapper (or when dapper is stable, from dapper+1).
> 
>>> These are not preconfigured, but it would be
>>> nice if there was a nice easy way to let a user install packages from
>>> these repositories from a web interface. I guess the main danger is
>>> funny cruft in the control.tar.
>> I think the only thing that could be done for dapper (and might be too 
>> much even then), is to install a script like the one in the dvdread 
>> package, and put instructions on the web saying:
> 
> There is already a graphical tool which permits a user to add these
> sources. Click System -> Administration -> Software Properties.
> Alternatively, Synaptic has such a facility.

The problem is in filling out all the details.

A script that will get the list of sources like software properties 
does, find the ubuntu official ones, and add universe and multiverse to 
them would be an *awful* lot easier. Some of the users of ubuntu are 
very nervous of messing around with their computer, and copying a simple 
line of text would be a lot friendlier to them.

-- 
Tristan Wibberley

More information about the sounder mailing list