Untrusted software and security click-through warnings
Matthew Paul Thomas
mpt at canonical.com
Tue Oct 16 23:09:57 UTC 2007
On Oct 16, 2007, at 11:26 PM, Alexander Sack wrote:
> My opinion is clearly that we should come up with a decent and
> standardized way to add third party applications that we can actually
> _control_ and design in a way that at least gives our users a chance
> to educate themselves before taking any action.
> If you just ignore the demand to install third party applications from
> third party repositories you will likely train our user-base to just
> google the internet and follow arbitrary instructions they find - which
> can't be what we want.
I think the word "instead" hasn't been used enough in this discussion
so far. :-) People want to install third-party software. We can make it
easy for them, or we can make it hard for them, but that's attacking
the supply side, which is only part of the problem. (Here the labelling
of new software as "crack" is an apt analogy.) How should we tackle the
demand side? How should we encourage users to use official repositories
One way would be to make the tool that provides attractive software
listings (currently "Add/Remove Applications") also the only practical
way of installing third-party software. This would involve merging
gdebi into Add/Remove Applications; merging "Software Sources" into
Add/Remove Applications; and making the repository listing something
that could not practically be edited using copied-and-pasted terminal
commands (e.g. XML rather than space-delimited fields).
That way, any Web site's instructions for installing their software
would involve navigating past the Ubuntu Software Library of officially
sanctioned software, and we'd have a good chance of attracting people
into getting their software from the right sources.
Matthew Paul Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 186 bytes
Desc: This is a digitally signed message part
More information about the Ubuntu-devel-discuss