Announcement: One Click Installer

Krzysztof Lichota krzysiek at lichota.net
Mon Aug 6 23:04:48 UTC 2007


Chris Wagner wrote:
> Every time someone comes up with a new, more-intuitive way to install
> software on Linux, there seem to be more negative comments about it
> than positive.  I recall similar comments when Gdebi was proposed, but
> it seems to have gone over okay.
> 
> I only see one major flaw in Krzysztof's model: security.  (Am I wrong?
> Are there other serious problems?)  Unfortunately, that's arguably the
> most important issue.  Rather than shrug off this solution, though, why
> not come up with a mechanism for making it (at least somewhat) secure?

I completely agree that security is important.

One Click Installer files can be signed using a GPG key. If the file is
unsigned, the user is asked whether he wants to proceed, with an
explanation of why he should not install an unsigned file, and the
default option is to cancel the installation.

In the first implementation I completely disallowed unsigned files, but
that would prevent anyone other than a distribution developer with
access to its signing key from creating installation files. So I dropped
it as too strict. But it is easy to provide, for example, a
configuration option to forbid installing unsigned files and provide a
way for advanced users to skip it.

If the file is signed, but the key is not trusted (see below), the
installation stops with verification failure.

The trust delegation is currently based on keys used by apt. If the key
is trusted by apt to sign repositories, then it is trusted to sign
installation files. In particular, keys used to sign the Ubuntu archive are
trusted as signers of installation files, so Ubuntu developers can sign
installation files they think are trustworthy and they will be shown as
trusted by Ubuntu users of One Click Installer.

The rationale behind that is that if a key is trusted to install
packages, then these packages can do anything during installation or
later, as they run with root privileges during installation.

The undesirable effect of this scheme is that if you install the
repository of some person, you delegate to him the trust to create
installation files. If someone can come up with a better scheme, I would
be happy to implement it in One Click Installer.

> Krzysztof's solution seems like the quickest possible way to have a
> cross-distro (even potentially to non-Linux OS's) method for installing
> software.  

Exactly, a One Click Installer file can hold any kind of installation
data, even for FreeBSD, Solaris or any other OS.


> Of course, the ideal solution would involve all Free Software
> platforms using a common, all-in-one package management system, but that
> day is a bit far off.

Right. We have to do whatever we can until this day comes :)

> Installing software via the Web is not just a bad habit created by
> Microsoft Windows; it makes sense.  What isn't a good idea, is
> installing random bits of software from untrusted sources.  Even as an
> advanced GNU/Linux user, I would venture to say that I *usually*
> discover new software via the Web.  For me, a system like "One Click
> Installer" is just an extra convenience (it often just saves me the time
> of "apt-get install ...").  For most people, however, it could be the
> difference between understanding how to get along with Linux, and not.

I couldn't agree more.

Thank you for your balanced and insightful post :)

	Krzysztof Lichota
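
The trust policy described in the message above, as an added example that is not part of the original post or One Click Installer's own code. It assumes the signature is checked with gpgv against apt's keyring and that the `--status-fd` output is what gets parsed; `decide`, `Decision`, the `forbid_unsigned` option name and the sample status lines are hypothetical or constructed.

```python
from enum import Enum
from typing import Optional

class Decision(Enum):
    INSTALL = "install"                # signed by a key in the apt keyring
    ASK_DEFAULT_CANCEL = "ask-cancel"  # unsigned: warn, default answer is cancel
    REJECT = "reject"                  # verification failure, stop

# Status keywords (GnuPG doc/DETAILS) that mean the signature must not be trusted.
FAILURE = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def status_keywords(status: str) -> set:
    """Keywords from machine-readable status lines only; free text is ignored."""
    prefix = "[GNUPG:] "
    return {line[len(prefix):].split()[0]
            for line in status.splitlines()
            if line.startswith(prefix) and line[len(prefix):].split()}

def decide(status: Optional[str], forbid_unsigned: bool = False) -> Decision:
    """status: gpgv --status-fd output, or None when the file has no signature."""
    if status is None:
        return Decision.REJECT if forbid_unsigned else Decision.ASK_DEFAULT_CANCEL
    seen = status_keywords(status)
    if seen & FAILURE:
        return Decision.REJECT
    # Fail closed: both a good signature and a fully valid one must be reported.
    if {"GOODSIG", "VALIDSIG"} <= seen:
        return Decision.INSTALL
    return Decision.REJECT

FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed, not a real key
SIGNED_BY_APT_KEY = (
    f"[GNUPG:] GOODSIG {FPR[-16:]} Example Archive Key (constructed)\n"
    f"[GNUPG:] VALIDSIG {FPR} 2007-08-06 1186441488 0 4 0 17 2 00 {FPR}\n")
SIGNED_BY_UNKNOWN_KEY = (
    f"[GNUPG:] ERRSIG {FPR[-16:]} 17 2 00 1186441488 9\n"
    f"[GNUPG:] NO_PUBKEY {FPR[-16:]}\n")
SPOOFED_TEXT = "gpgv: Good signature\nGOODSIG x\nVALIDSIG x\n"  # no status prefix

if __name__ == "__main__":
    for name, s in [("apt key", SIGNED_BY_APT_KEY), ("unknown key", SIGNED_BY_UNKNOWN_KEY),
                    ("unsigned", None), ("spoofed", SPOOFED_TEXT)]:
        print(name, "->", decide(s).value)
```

Because gpgv treats every key in the keyring it is given as trusted, the set of accepted signers is exactly the set of keys apt accepts, which is the delegation effect the message points out.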
