Shall we support the autorun feature?

Mike Hearn mike at navi.cx
Tue Jan 4 10:42:12 CST 2005 

On Tue, 04 Jan 2005 16:43:02 +0100, Martin Pitt wrote:
> Well, if they rely on such features, then I don't think that this
> would be too bad. The primary idea of different distributions is to
> make things differently, so I don't want to implement this equally on
> all distros just for the sake of it.

Argh! No the idea of distributions is not to make things pointlessly
different, that just makes tech support even harder than it already is.
Compatibility with other systems should always be a consideration.
 
> This is the fault of the game vendor. If they provide an apt source,
> then package installation can't be easier.

OK zero points for understanding how game vendors operate. How many game
vendors provide apt sources today? None.

> I would find this annoying. I don't want to see such a dialog each and
> every time I insert a CD that happens to have an autorun file. 

So disable it ... nobody is saying it'd have to be hard coded.

> the user has to click in a confirmation dialog anyway, why not just have
> him click on a "setup" or "install" script in Nautilus? This is far more
> obvious (that he executes something from CD) and not more complicated
> IMHO.

Yes you could use a .hidden file to hide everything except a "Click here
to install" .desktop file, though of course if the discussion above ends
up with .desktop files not working unless they're executable this will
also break.

> I did not hear about any, but not every "my so-called friend gave me a
> CD and it nuked my computer" incident gets known publically. Second, I
> would rather focus on a secure by default architecture, so to avoid
> potential traps whereever possible.

So you're inventing security holes based on no evidence? Please, autorun
is a useful feature that Microsoft implemented because a *huge* number of
tech support calls were variations on "I put the CD in the drive and
nothing happened", "Oh you have to type dee colon slash setup exey", "????".

I would definitely suggest it be enabled by default, no confirmations. If
the user has a CD in their hands, they're going to want to run it. It
comes back down to the security-by-annoyance thing I mentioned in another
thread.

thanks -mike

More information about the ubuntu-devel mailing list