[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ayatana] make adding ppas easier
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
a.grandi@xxxxxxxxx wrote on 05/09/11 12:42:
>...
> On 5 September 2011 13:01, Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
>...
>> So now is a good time to think about how we can make Ubuntu safer by
>> making adding PPAs harder.
>
> don't you think it's already a bit hard for new users to add a PPA to
> Ubuntu?
Indeed I don't.
> Lot of my friends that use Ubuntu don't know that PAAs exist,
That's good, unless they're aspiring application developers. (And if
they are, the developer Web site should educate them about how to set up
a PPA.)
> imagine
> if they know how to add them.
Then even more Ubuntu users would be vulnerable to both sides of
Hanlon's Razor -- PPAs that messed up people's systems either
accidentally or intentionally.
To pick a famous example, on June 25th OMG Ubuntu announced a PPA for
Bumblebee.
<http://www.omgubuntu.co.uk/2011/06/bumblebee-gets-a-ppa-brings-nvidia-optimus-graphics-switching-to-ubuntu/>
Only three weeks beforehand, Bumblebee had been deleting /usr on
installation.
<https://github.com/MrMEEE/bumblebee/commit/a047be85247755cdbe0acce6#diff-1>
What if it had been not three weeks before, but three weeks after?
> Removing the possibility to have a similar command: sudo
> add-apt-repository ppa:unity-2d-team/unity-2d-daily
> would be a big regression, imho.
>...
Probably. But one possibility (just as an example) would be to remove
the "ppa:" pseudo-protocol, requiring people to use the equivalent
launchpad.net URL instead.
- --
mpt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk5kuuMACgkQ6PUxNfU6ecoOIQCdE55CL0C049BgyHlTvG3+fTLw
Bf8AoKlNongvnD0p17ZaYc9jANA9pseT
=Bp/F
-----END PGP SIGNATURE-----