Announcement: One Click Installer

Matt Zimmerman mdz at
Wed Aug 8 15:09:38 UTC 2007

On Wed, Aug 08, 2007 at 04:58:21PM +0200, Krzysztof Lichota wrote:
> Matt Zimmerman napisał(a):
> > On Tue, Aug 07, 2007 at 09:57:42PM +0200, Krzysztof Lichota wrote:
> >> Matt Zimmerman napisał(a):
> >>> This provides the experience of locating the software on the web while
> >>> retaining the security and maintenance characteristics of the distribution
> >>> model.
> >> This is the approach of apt:// protocol. It is not extensible and it
> >> will not make Ubuntu competitive to rich software ecosystem of Windows.
> >> There _must_ be the way for third party software creators to publish
> >> their software easily. Otherwise they will not be interested in creating
> >> their apps for Linux.
> > 
> > The two are not mutually exclusive, and an ideal solution would incorporate
> > both.
> One Click Installer can be used for both, providing trusted, signed
> installation files signed by Ubuntu and providing unsigned files for
> third party developers.

It is not a question of whether the file is signed or not; it is a different

One is "install package X from repository Y". (One Click seems to do this,
from your description)

The other is "install package X from your existing, configured
repositories" (this is like apt:// and similar ideas)

The key difference is that in the latter case, the metadata does not supply
a repository, and there should be (notably) none of the usual security
issues, regardless of whether the metadata is authenticated.

 - mdz

More information about the Ubuntu-devel-discuss mailing list