Untrusted software and security click-through warnings

Matthew Paul Thomas mpt at canonical.com
Tue Oct 16 23:09:57 UTC 2007

On Oct 16, 2007, at 11:26 PM, Alexander Sack wrote:
> ...
> My opinion is clearly that we should come up with a decent and
> standardized way to add third party applications that we can actually
> _control_ and design in a way that at least gives our users a chance
> to educate themselves before taking any action.
> If you just ignore the demand to install third party applications from
> third party repositories you will likely train our user-base to just
> google the internet and follow arbitrary instructions they find - which
> can't be what we want.
> ...

I think the word "instead" hasn't been used enough in this discussion 
so far. :-) People want to install third-party software. We can make it 
easy for them, or we can make it hard for them, but that's attacking 
the supply side, which is only part of the problem. (Here the labelling 
of new software as "crack" is an apt analogy.) How should we tackle the 
demand side? How should we encourage users to use official repositories 

One way would be to make the tool that provides attractive software 
listings (currently "Add/Remove Applications") also the only practical 
way of installing third-party software. This would involve merging 
gdebi into Add/Remove Applications; merging "Software Sources" into 
Add/Remove Applications; and making the repository listing something 
that could not practically be edited using copied-and-pasted terminal 
commands (e.g. XML rather than space-delimited fields).

That way, any Web site's instructions for installing their software 
would involve navigating past the Ubuntu Software Library of officially 
sanctioned software, and we'd have a good chance of attracting people 
into getting their software from the right sources.

Matthew Paul Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071017/54fb1756/attachment.pgp>

More information about the Ubuntu-devel-discuss mailing list