zeroinstall-injector

Gabriel Puliatti foo at predius.org
Tue Jan 9 21:53:22 GMT 2007


On 1/9/07, Reinhard Tartler <siretart at tauware.de> wrote:
> Err, that's fair enough. My concern is rather, that code from
> unknown/unauthorized 3rd parties is executed, so the perfect way to
> inject trojan or other malware.

Can't you do this by, you know, downloading binaries, .deb or RPMs anyway?

> Where do these 'known' keys come from? Who authorizes these keys?

Who authorises RPMs converted under a computer using Ubuntu? Should
that mean that alien is an package which should be removed?

> Well, in ubuntu, the archives key come from the installation media. I
> have the concern that it may seem that including 0install could imply
> that we 'authorize' other 3rd party software. I fear that we'll get
> bugreports from 3rd party software by users, who have installed random
> software via 0install, and that we will not be able to support them.

What about tars and others? The same applies. Just because there's
Archive Manager doesn't mean that Ubuntu supports a tar I downloaded
from SF.net.

Having 0install would just mean that Ubuntu users don't have to jump
through hoops to install an application that they downloaded because
of the decision of the distributor.
--
The Public is merely a multiplied "me."
               -- Mark Twain

Gabriel Puliatti
foo at predius.org
predius.org



More information about the Ubuntu-motu mailing list