[packagekit] 1-click; Third party vendors; etc.

[Jan Niklas Hasse]

On Tue, Jun 3, 2008 at 3:58 PM, Benji Weber <benji at opensuse.org> wrote:
> Yes. The user must choose to trust the key before anything can be
> installed or executed though.

For an installer, the user must allow execution to let the installer
be executed.

> Also, if the package management system
> is aware of the files that are installed then it can also avoid
> overwriting them

Not if I write "rm -rf /usr/share" or something like this inside some
of one shell scripts.

> or otherwise breaking the software,
If a newer package breaks your system, you need to get back to the old
one from your distro's repro. I don't think most users know how to do
that.

> and it can also
> prevent installation of software that conflicts with installed system
> software. None of this protection is available from custom installers.

Custom installers prevent this by installing to ~.

Autopackage, Klik and Zeroinstall also have all of these 3 protections:

1 = aware of the files that are installed then it can also avoid
overwriting them
2 = breaking the software
3 = prevent installation of software that conflicts with installed
system software

Autopackage:
1: replaces backups of files that need to be overwritten
2: checks if there's a rpm already installed with the same binary
3: could break the system, but after removing the software, everything
should be working again

Klik & Zeroinstall & Autopackage/Custom installer without root access:
All of the 3 protection are available as both don't touch /usr at all.