Announcement: One Click Installer
Matt Zimmerman
mdz at ubuntu.com
Tue Aug 7 19:53:01 BST 2007
On Tue, Aug 07, 2007 at 08:36:23PM +0200, Krzysztof Lichota wrote:
> Creator of One Click Installer installation file decides which
> repository will be used. If the application is available in Ubuntu
> repository I do not see the point why he would prefer to point to some
> other repository.
>
> Additionally, Ubuntu could make such need void by providing prepackaged,
> trusted installation files - only installation files signed using Ubuntu
> key are trusted by default by One Click Installer. Files signed with
> untrusted key are not installed and files without signature spawn
> warning and default to aborting installation. I have described security
> model in this e-mail:
> https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2007-August/001385.html
>
> So Ubuntu could just provide signed files for applications hosted in its
> repository, signed with its key for use by everyone else. Files would be
> hosted on Ubuntu server and everyone else (forum support people,
> bloggers, journalists, ...) could just provide links to these files
> instead of creating them on their own.
There is no need for Ubuntu to provide additional metadata for the thousands
of programs available in the repositories. Instead, the metadata file need
only provide the name of the package, and the local package manager can
install it from the official repository.
This provides the experience of locating the software on the web while
retaining the security and maintenance characteristics of the distribution
model.
--
- mdz
More information about the ubuntu-devel
mailing list