
Re: [Ayatana] make adding ppas easier



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a.grandi@xxxxxxxxx wrote on 05/09/11 12:42:
>...
> On 5 September 2011 13:01, Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
>...
>> So now is a good time to think about how we can make Ubuntu safer by
>> making adding PPAs harder.
> 
> don't you think it's already a bit hard for new users to add a PPA to
> Ubuntu?

Indeed I don't.

> A lot of my friends that use Ubuntu don't know that PPAs exist,

That's good, unless they're aspiring application developers. (And if
they are, the developer Web site should educate them about how to set up
a PPA.)

>                                                               imagine
> if they know how to add them.

Then even more Ubuntu users would be vulnerable to both sides of
Hanlon's Razor -- PPAs that messed up people's systems either
accidentally or intentionally.

To pick a famous example, on June 25th OMG Ubuntu announced a PPA for
Bumblebee.
<http://www.omgubuntu.co.uk/2011/06/bumblebee-gets-a-ppa-brings-nvidia-optimus-graphics-switching-to-ubuntu/>

Only three weeks beforehand, Bumblebee had been deleting /usr on
installation.
<https://github.com/MrMEEE/bumblebee/commit/a047be85247755cdbe0acce6#diff-1>

What if it had been not three weeks before, but three weeks after?

> Removing the possibility to have a similar command: sudo
> add-apt-repository ppa:unity-2d-team/unity-2d-daily
> would be a big regression, imho.
>...

Probably. But one possibility (just as an example) would be to remove
the "ppa:" pseudo-protocol, requiring people to use the equivalent
launchpad.net URL instead.

- -- 
mpt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5kuuMACgkQ6PUxNfU6ecoOIQCdE55CL0C049BgyHlTvG3+fTLw
Bf8AoKlNongvnD0p17ZaYc9jANA9pseT
=Bp/F
-----END PGP SIGNATURE-----