Request For Candidates: Application Review Board
Stephan Hermann
sh at sourcecode.de
Thu Aug 26 10:32:18 BST 2010
On Wed, Aug 25, 2010 at 04:52:38PM +0200, Michael Vogt wrote:
> [...]
> James Westby raised the idea of "proto-packages" (we discssed about it
> a couple of times before). I think the idea is pretty neat. Deb
> packages are great for what we use them - to build a distribution. But
> for a lot of "simple" apps we don't actually need the power that they
> have (just the opposite, I consider it harmful to be able to have
> maintainer scripts that run as root and can alter the system state in
> any way they want because it makes auditing much harder and it kills
> our ability to rollback, completly remove a package). So I can see
> room for packages that do not require root, do not need installing (in
> the traditional way) and that are easier to sandbox. This is of course
> a big technical (and UI) challenge.
So, what James and you are thinking about is something like Slackwares tgz format,
it's a prebuild binary packaged with tar.gz and put a wrapper around which installs the
simple app under $HOME/Apps/ (example!!!) for user only installations. Therefore the install script
(maintainer script) only needs user permissions.
I like that approach (if I interpretated your proposal correctly), it's clean.
We could provide default templates for installer scripts, which are easily reviewable, and it should
not be difficult to implement that into software center (meta data defines package format deb or tgz).
Eventually it's also possible to do install path relocations with such a system, when someone decides to
install this app system wide.
Regards,
\sh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20100826/adcb8de5/attachment.pgp
More information about the ubuntu-devel
mailing list