Announcement: One Click Installer

Krzysztof Lichota krzysiek at lichota.net
Tue Aug 7 19:04:47 UTC 2007 

Sebastian Heinlein napisaƂ(a):
> even a signed software can do a lot of harm to your system. installing
> software from the internet blindly is perhaps the cause for most
> unstable windows systems.

Any software can harm your system when used inappropriately. But it is
not the reason to forbid people to use it.
If someone is security conscious, he will take the risk into account. If
he is not aware of it, we can make him at least aware. Then the decision
is in the hands of user.

> if you require to only install signed packages only you would at least
> make sure that the package creator has got some basic skills.
> furthermore it could be nice to make use of the gnupg web of trust here.
> you could calculate  a trust level from the number and kind of
> signatures.

This is interesting proposal. But the problem is how to measure such
trust level? By requiring web of trust to reach one of Ubuntu developers?

> what are your plans about an translation infrastructure for the oci
> files? if you don't find any translators you won't get any translations
> - the current problem of ddtp.

The basic principle is that anyone can create installation files in
decentralized manners. So it would be up to local Ubuntu teams to
provide installation files with translated contents.
Any central repository (based on Rosetta or DDTP) should only help by
providing some coordination place.

> you mentioned tucows and a central wiki page many times. any plans on
> this? the idea was discussed several times in the past, but it was never
> implemented in the official ubuntu frame work. perhaps an error, since
> now we seem to get a lot of separated sites with no central quality
> assurance.

I have not mentioned central wiki page :)
My vision is completely different - there should be many places where
installation links can be provided. Some of them more formal and trusted
(for example packages.ubuntu.com, Ubuntu pages, etc.), some supported by
community (getdeb.net, etc.), some completely freelance - blogs, forums,
wikis, etc.

One Click Installer allows all these places to host installation links.
It is up to maintainers of packages.ubuntu.com, getdeb.net or any other
site to use it.
And distributions such as Ubuntu can help creating this ecosystem by
providing signed installation files for everyone to link to.

Of course I would really like to see central Ubuntu software repository
with trusted, signed installation files, extensive descriptions, ranks,
comments, etc. But it should not be the only place.

	Krzysztof Lichota



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070807/45e26427/attachment.sig>

More information about the Ubuntu-devel-discuss mailing list