On apturls and repositories

Dylan McCall dylanmccall at gmail.com
Mon Jun 1 23:46:19 UTC 2009


On Tue, 2009-06-02 at 00:53 +0200, Martin Owens wrote: 
> On Mon, 2009-06-01 at 09:48 -0700, Dylan McCall wrote:
> > Sounds like the discussion at UDS about having support for adding
> > repositories (or at least PPAs) via apturl didn't get very far. At risk
> > of prolonging a stalemate, I get the impression blocking this idea for
> > safety reasons is completely pointless.
> 
> The session was polite and we talked about everyone's views. Some of
> these choices are down to political background more than technical
> options. Although Alexander Sack didn't help by suggesting that the
> decision had already been made at All Hands.
> 
> As I said I would, I've compiled some mock-ups of what I was talking
> about with various people:
> 
> http://doctormo.wordpress.com/2009/06/01/ubuntu-apt-url-and-the-white-list/
> 
> I'm going to add the same to the whiteboard for the blueprint now.

Thanks for the information!

That is a COOL mockup. Really leverages the power of GPG, too :)

Isn't Microsoft's software signing model an example of the centralized
trust concept that a whitelist in Ubuntu would imply? Doesn't work very
well. Users just click through it and don't care when the message isn't
there. It doesn't encourage enough thought to interest them; it just
says "we, Microsoft, think you should not install this because we said
so," or it doesn't say anything. (Between the lines: "We don't like this
program because its developers didn't fork over piles of cash, so, uhh,
there!").

Your design fits the free software ecosystem in a better way because it
demystifies the existence of people (instead of just behemoth
corporations), and I bet even /real/ usability testing would find it a
more natural, human approach.

Less forbidding, less corporate, and it pushes the technical details of
the operating system into the background where it belongs. It doesn't
matter whether Jesus trusts the repository's owner or Canonical; it's up
to the user and presented the same way, and it's his choice whether he
trusts Canonical's judgement. (Carrying the previous example, I for one
happily use Windows to play games but don't trust Microsoft's judgement
for what software is good, even if they did make the OS).

Preaching to the choir, of course, but it's easier that way :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20090601/6131bd9e/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list