Edgy Third Party Package Management

Jerry Haltom wasabi at larvalstage.net
Mon Jun 5 15:56:10 BST 2006


> The problem is not the distribution, the problem is: Who is packaging 
> the software in a clean and trustable way and who is providing the 
> repository and last but not least, who is responsible if this package 
> is destroying my system.

These are addressed by being specifically unaddressed in the Wiki page
linked by the spec. This is not feasible nor desirable.

If you install software from an ISV, you trust the ISV to provide the
software. There is a one-time "Yes, I trust the ISV known as Foo. (along
with key Bar)". Beyond that, it is up to the ISV to deliver whatever
they want.

Centralized signing/packaging is overcomplicated, puts Canonical in a
position I assume they don't want to be, and is also unreasonable to
expect ISVs to do. It is a non-starter.

> ISVs shouldn't package software (package != tar.gz) and they won't do 
> it, because then they have to provide at least 3-5 different packages 
> for the big package managers (RPM, DEB, PKG, etc.) and after all they 
> have to provide different packages for any distro out there.
> We can see what happens if an ISV is doing this: Example: Skype

They won't do this because we don't push them to do so. If there are
potential customers using Ubuntu that they want to reach, they WILL
package it properly to appease those customers. Or they won't, and will
lose their business.

We define a specification and a set of documentation for creating Ubuntu
packages, and ISVs will invest the manpower to implement them. My
proposal is of course only one side of this, the delivery mechanism.





More information about the ubuntu-devel mailing list