Auto Package

Wed Mar 30 10:12:34 CST 2005

Re: Auto Package
>  The arguments against adopting Autopackage protect the sanctity of the
>  UBUNTU platform. By adopting it though, Ubuntu gains the
>  leverage/usage/eyeballs/distribution of the entire LINUX platform.

I think that Autopackage has the potential to be a good thing, but for the experience of our users I think we want to always direct our users towards both "safe" software and free software (where possible)[0].  From what I've seen, autopackage doesn't yet address this.

I think that the user-facing tool, synaptic or its sibling, should be configured so that if non-free software downloads are enabled, i.e. from companies such as Macromedia (flash), Oracle, Sun (java), the user can install software from these trusted locations.  You don't want warning-free double-click-on-a-website-icon-installs happening lest we become the new Microsoft-like platform for DoS attacks.  These companies' packages could be added to a trusted list of locations which the user-facing tool would use.

i.e. when installing software from 3rd party repos that aren't trusted, we should at least warn them they could be compromising system security and stability.  This is independent of apt/autopackage etc.

It's a circle of trust.  Stuff in main gets tested and maintained from a security stand-point.  Universe gives a slightly lesser guarantee.  Going to a 3rd-party repository expands the horizon of application availability, but also increases the risk of something going wrong from the system stability / security viewpoint.  Without doing the testing that software in main gets, you can't guarantee things won't break or aren't trap-doored.  Ubuntu has been widely adopted because it "just works" - we don't want to lose that identification.

Until autopackage has as many applications as "universe" or "debian sid" there's little pay-off for Ubuntu to push this barrow.  Most software I seem to ever use is either in debian unstable, meaning that it's just a rebuild for Ubuntu away, or it's straight out of cvs because it's software still under pre-release development.  There's little incentive to move to something other than the apt way of doing things because things work as they are.  i.e. the problem isn't back-end package formats, but rather end-user-facing tools.

That's not to say that autopackage couldn't add value.  As with all free software it's a case of proving the technology outside of officialdom.  Things gain wide adoption by merit, not legislature.

[0] i.e. You want a pdf viewer?  We should give people a choice but first suggest that they use the free equivalent where the level of interoperability is acceptable.
