On apturls and repositories

Derek Broughton derek at pointerstop.ca
Tue Jun 2 14:37:21 UTC 2009

Alexander Sack wrote:

> On Tue, Jun 02, 2009 at 10:40:47AM -0300, Derek Broughton wrote:
>> Alexander Sack wrote:
>> > Also, the abilitity to trigger .deb installs from the web by a single
>> > click is considered a bug and we look into making ffox and other
>> > webbrowsers not allow that (instead similar to windows .exe downloads
>> > only allow them to be saved and not opened directly from the web).
>> Ugh!  Sure it's dangerous - even so, I think it's a hugely regressive
>> step
>> to say I _shouldn't_ be able to do that.  Feel free to default it that
>> way, and make me do something to demonstrate that I understand the
>> potential hazards, but Linux is not about holding people's hands so tight
>> that they can't shoot themselves in the foot.
> I don't see a big user experience regression if debs get first
> downloaded to desktop before you can install them. 

It's not the idea of having the debs downloaded first that's regressive, 
it's the whole idea that power users should be prevented from doing what 
they want by developers who know better that's pure evil, and should be 
stamped out at the first hint.  I don't care if you want to make it _hard_ 
(heck, make the geeks edit an rc file by hand if you want), but it should 
_always_ be possible.

> Installing debs isn't something you do on a daily base.

Actually, it is...

> In turn you get improved
> security by not providing a click through way of installing them from
> the web.

I beg to differ.  A user who is going to install software of dubious origins 
will install it whether it's "click-through" or not.  You're merely annoying 
people who want to install known, reliable, software (virtualbox comes to 
mind - every time they issue a new release, I get a download link when I 
start it [and yes, I know I can actually add the URL to my sources.list - 
it's just an example]).

More information about the Ubuntu-devel-discuss mailing list