Announcement: One Click Installer

Krzysztof Lichota krzysiek at
Tue Aug 7 18:36:23 UTC 2007

Matt Zimmerman napisaƂ(a):
> Thanks for sharing your ideas with us in detail.  This is an idea which has
> been on many of our minds for some time, but no one had gotten around to
> prototyping it yet.
> One concern that I have is that I feel it is important to ensure that
> applications and their dependencies are installed from the Ubuntu
> repositories wherever possible: if the application is available from Ubuntu,
> it should be installed from there, even if the user found it via a
> third-party website.  This ensures that it will receive official updates,
> and upgrade properly to the next release of Ubuntu, which is one of the
> great strengths of package management.
> Of course, there will be applications which cannot be added to Ubuntu, and
> so third-party repositories are necessary, but they should be avoided where
> they are redundant, as they complicate maintenance and upgrades.
> Does your design address this?

Creator of One Click Installer installation file decides which
repository will be used. If the application is available in Ubuntu
repository I do not see the point why he would prefer to point to some
other repository.

Additionally, Ubuntu could make such need void by providing prepackaged,
trusted installation files - only installation files signed using Ubuntu
key are trusted by default by One Click Installer. Files signed with
untrusted key are not installed and files without signature spawn
warning and default to aborting installation. I have described security
model in this e-mail:

So Ubuntu could just provide signed files for applications hosted in its
repository, signed with its key for use by everyone else. Files would be
hosted on Ubuntu server and everyone else (forum support people,
bloggers, journalists, ...)  could just provide links to these files
instead of creating them on their own.

To give it kick start this could be even automated to create
installation files based on descriptions from .deb files themselves.
Then they could be polished to provide better user experience (provide
optional documentation installation, language packs, etc.).

	Krzysztof Lichota

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Ubuntu-devel-discuss mailing list