Ivan Krstic krstic at hcs.harvard.edu
Sun Oct 23 22:17:12 CDT 2005


On Sun, 2005-10-23 at 21:49 -0400, Evan Dandrea wrote:
> I think it is a big deal.  This is an area where we're able to be
> miles ahead of the proprietary software world.  We can guarantee much
> better security and protection from the kind of nonsense that Windows
> users currently face by keeping the package system close to the way
> it's currently configured.

I'm in complete agreement with Evan on this.

John Nilsson wrote:
> A perfect solution for this class of users would be a nice little nag
> screen that is activated when you double click a .deb .rpm or .tar.gz.

Putting "perfect solution" and "nag screen" in the same sentence is, at
best, silly. Years of Windows' abysmal security record have taught us,
among other things, that when an uninformed user is presented with an
explanation of how to do the right thing, and the *ability* to do the
wrong thing, the user will do the wrong thing every single time without
fail if she believes it's a quicker way towards the end goal ("install
this piece of software"). As an example, this is why ZoneAlarm is a
great personal firewall in the hands of a knowledgeable user, but fails
catastrophically at protecting anyone else.

If you're trying to protect the user by showing them an explanation and
giving them a choice, you've already failed. Incidentally, Ubuntu's
repositories don't hold three hundred packages, or five thousand. They
hold close to eighteen thousand. I think this makes it *perfectly*
justifiable to not make installing external packages any easier than it
already is.

-- 
Ivan Krstic <krstic at hcs.harvard.edu> | 0x147C722D


