Auto Package

Corey Burger corey.burger at gmail.com
Tue Mar 29 14:27:50 CST 2005 

On Tue, 29 Mar 2005 21:17:05 +0100, Mike Hearn <mike at navi.cx> wrote:
> On Tue, 29 Mar 2005 11:46:22 -0800, Corey Burger wrote:
> > Probably for me the biggest reason not to allow autopackage has to do
> > with trust and security.
> 
> Well, this comes up a lot but I think it's not really accurate. See here:
> 
>   http://bylands.dur.ac.uk/~mh/autopackage.org/faq.html#4_4
> 
> I don't think it's worth trying to "educate" users that software does not
> come off the internet. Firstly even when using apt, it clearly does -
> there is a download progress bar. You would have to try and teach users
> that one bit of the internet - your bit - is good, whereas everywhere else
> is bad. That'd be a hard sell.

How is that hard. You tell users that these apps (synaptic,
gnome-app-install) are safe. To a lot of people, the internet is that
blue E thing on their desktop.

> 
> Secondly, it doesn't provide any real security, just the illusion of it.
> 
> Spyware and malware does not exist on Windows if you only use open source
> software (and avoid bug-ridden programs like IE), because developers
> bundle this stuff to provide them with a revenue stream from "free"
> programs. That's something Free software does not need. But, Ubuntu does
> not ship this type of commercial software anyway.

Autopackage does not deal with the fact that people will be bundling
this kind of cruft and junk once linux gets popular.

> 
> So the core of your argument is that if something isn't in apt, it can't
> be installed at all. That clearly isn't true, actually it's quite easy,
> you can just provide the user with a Loki Setup, custom shell script, XPI
> or yes ... an autopackage.

But I am saying that if you teach users that only apt is safe, then
there is much less likelyhood that they will get malware through their
own actions.

> 
> If you want to avoid spyware/malware then your best bet is a two pronged
> approach:
> 
> 1) Ensure users needs and desires can be met using free software. That's
>    not just boring business apps, that means pretty screensavers and
>    oddball XMMS plugins too.
> 
> 2) Implement some kind of distributed SSL-style whitelisting network.
>    There is more discussion of that in the FAQ.
> 
> The Linux community already has a pretty good head start at (1), but (2)
> is non-existent.
> 
> thanks -mike
> 
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>

More information about the ubuntu-devel mailing list