zeroinstall-injector

Reinhard Tartler siretart at tauware.de
Tue Jan 9 20:09:11 GMT 2007


"Thomas Leonard" <talex5 at gmail.com> writes:

> I uploaded a package for Zero Install back in Oct 2006:
>
> http://revu.tauware.de/details.py?upid=3885
>
> I got a comment on Dec 20th to update the version number, which I've done.
>
> Do I need to tell someone about this (e.g. write to this list), or do
> reviewers get notified automatically? How long does the process normally
> take?

Apart from the package quality (which I'd consider okay), I had a look
what 0install actually does. It seems to me that 0install is similar to
autopackage, a project I have strong reservations with. I fear that this
tool has to potential to badly break an user account. Furthermore, I
have some security concerns (who validates/authorizes a signature from
one upstream). What happens, if a library is pulled via 0install, and
later installed via apt-get?

What do the others think? Should we have this in ubuntu?

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20070109/ee126ead/attachment.pgp 


More information about the Ubuntu-motu mailing list