Matt Zimmerman napisaĆ(a): >> So Ubuntu could just provide signed files for applications hosted in its >> repository, signed with its key for use by everyone else. Files would be >> hosted on Ubuntu server and everyone else (forum support people, >> bloggers, journalists, ...) could just provide links to these files >> instead of creating them on their own. > > There is no need for Ubuntu to provide additional metadata for the thousands > of programs available in the repositories. Instead, the metadata file need > only provide the name of the package, and the local package manager can > install it from the official repository. > > This provides the experience of locating the software on the web while > retaining the security and maintenance characteristics of the distribution > model.
This is the approach of apt:// protocol. It is not extensible and it
will not make Ubuntu competitive to rich software ecosystem of Windows.
There _must_ be the way for third party software creators to publish
their software easily. Otherwise they will not be interested in creating
their apps for Linux.
And if you want to provide higher security, you can turn off installing
unsigned files in One Click Installer. This way inexperienced users will
not be able to install untrusted software easily. But of course advanced
users will be able to work around it.
Krzysztof Lichota
signature.asc
Description: OpenPGP digital signature
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
