ubuntu at kitterman.com
Wed Oct 17 11:21:13 UTC 2007
On Wednesday 17 October 2007 06:47, Krzysztof Lichota wrote:
> Scott Kitterman napisał(a):
> > I was thinking about this some more. My objection isn't to the
> > installation method, but to the packages. Someone earlier in the thread
> > mentioned the benifits of the web front end that Getdeb provides.
> > Rather than remove something like gnucash from getdeb, what really needs
> > to happen is just pointint from the getdeb package to the Ubuntu one. In
> > the gnucash case it would be changing:
> > http://www.getdeb.net/download.php?release=1496&fpos=0
> > http://www.getdeb.net/download.php?release=1496&fpos=1
> > http://www.getdeb.net/download.php?release=1496&fpos=2
> > with
> > http://launchpadlibrarian.net/9958499/gnucash_2.2.1-1ubuntu4%7Efeisty1_i3
> > http://launchpadlibrarian.net/9958498/gnucash-common_2.2.1-1ubuntu4%7Efei
> > http://launchpadlibrarian.net/9959217/gnucash-docs_2.2.0-1%7Efeisty1_all.
> > The web front end could stay.
> > This would have a number of advantages:
> > Reduced storage and bandwidth usage for getdeb
> > Fewer packages users have to uninstall before an upgrade
> > Fewer issues due to unofficial package use
> > How about something like that? I've no objections to that approach
> > myself.
> I think it is a good idea, but I see 2 problems:
> 1. Ubuntu should provide links to debs which do not change in time or
> some way of automatically feeding changes to deb names to getdeb, so
> that updates do not require manual intervention.
I'd like to be able to dget source from LP too, but it's reallly not how their
system is designed, but I don't think the links actually change over time.
> 2. Pure .deb packages are not signed (as far as I understand APT
> system). Only repos are. So the security problem stays the same.
I disagree. If I'm pulling a .deb from LP over https, I have a lot more
confidence in that than one that's signed, but from some external site. Not
ideal, but it's better.
More information about the Ubuntu-devel-discuss