← Back to team overview

unity-design team mailing list archive

Re: make adding ppas easier

 

Another example that pops to mind almost immediately is the gnome3 and UGR ppa's for Natty. While the UGR website and both ppa pages on launchpad give ample warnings many third-party websites just tell a user to run the command:

 sudo add-apt-repository 'watch-me-break-you'

Or yet another, xorg-edgers devs do a great job of warning about breakage, but you'll often see others simply recommending to try it w/o warnings!

IMHO making it even easier to break things is not a wise option.

Lance

--- On Mon, 9/5/11, Matthew Paul Thomas <mpt@xxxxxxxxxxxxx> wrote:

From: Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
Subject: Re: [Ayatana] make adding ppas easier
To: ayatana@xxxxxxxxxxxxxxxxxxx
Date: Monday, September 5, 2011, 7:04 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

a.grandi@xxxxxxxxx wrote on 05/09/11 12:42:
>...
> On 5 September 2011 13:01, Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
>...
>> So now is a good time to think about how we can make Ubuntu safer by
>> making adding PPAs harder.
> 
> don't you think it's already a bit hard for new users to add a PPA to
> Ubuntu?

Indeed I don't.

> Lot of my friends that use Ubuntu don't know that PAAs exist,

That's good, unless they're aspiring application developers. (And if
they are, the developer Web site should educate them about how to set up
a PPA.)

>                                                               imagine
> if they know how to add them.

Then even more Ubuntu users would be vulnerable to both sides of
Hanlon's Razor -- PPAs that messed up people's systems either
accidentally or intentionally.

To pick a famous example, on June 25th OMG Ubuntu announced a PPA for
Bumblebee.
<http://www.omgubuntu.co.uk/2011/06/bumblebee-gets-a-ppa-brings-nvidia-optimus-graphics-switching-to-ubuntu/>

Only three weeks beforehand, Bumblebee had been deleting /usr on
installation.
<https://github.com/MrMEEE/bumblebee/commit/a047be85247755cdbe0acce6#diff-1>

What if it had been not three weeks before, but three weeks after?

> Removing the possibility to have a similar command: sudo
> add-apt-repository ppa:unity-2d-team/unity-2d-daily
> would be a big regression, imho.
>...

Probably. But one possibility (just as an example) would be to remove
the "ppa:" pseudo-protocol, requiring people to use the equivalent
launchpad.net URL instead.

- -- 
mpt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5kuuMACgkQ6PUxNfU6ecoOIQCdE55CL0C049BgyHlTvG3+fTLw
Bf8AoKlNongvnD0p17ZaYc9jANA9pseT
=Bp/F
-----END PGP SIGNATURE-----

_______________________________________________
Mailing list: https://launchpad.net/~ayatana
Post to     : ayatana@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ayatana
More help   : https://help.launchpad.net/ListHelp

References