[packagekit] Res: One click install support in PackageKit
Debayan Banerjee
debayanin at gmail.com
Thu Apr 2 17:39:06 PDT 2009
2009/4/2 Richard Hughes <hughsient at gmail.com>:
>
> Well, I still don't think popularity == trust. I also think that OCI
> would be a nice-to-have feature, but with package catalogs I don't think
> it's a required feature.
>
I saw the package-catalog schema. It contains no repository url
information. i understand that this is by design since you do not want
users to start adding repositories on the fly by clicking on web pages
since it is dangerous.
What if we do incorporate url/repository in the schema? Say I want to
install Orca, and it uses some sound library that maybe found in some
other repository (official), there is no way to solve this via the
catalog currently. We can instead add a list of recommended repos
(official repos) in the schema which will be added temporarily to
preserve dependency.
It also makes it risky since people may come out with these links and
lead to dangerous repos. Well we can warn the user every time a
dependency preserving repository is not Fedora friendly.
A user who is careful and knowledgeable does not need this warning
really. He could as well have added a the repository manually to get
his work done. But the other kind of user will pay attention to
warnings such as these that are displayed. I speak from my personal
experience.
Another task is to create some system such that given a list of
repository urls and a package name, it generates these catalog files
on the fly.
About the trust vote thing, we can add captcha at the client end so
that no bogus votes are polled. Ofcourse we need voting only for 3rd
party repos. Also lets make the url to which this votes go to an input
that user selects, since it is not certain which organisation, if any,
will host this server.
My aim is to show the user one-trigger-per-package at
<https://admin.fedoraproject.org/pkgdb> for official packages.
My aim is also to make 3rd party repo users more aware of what is
better. Currently there is no way.
These are 2 different aims, but they converge at the point of ease of
use at the user end. And all this does is increase security than what
used to be the case previously.
--
Be Intelligent, Use GNU/Linux
http://debayanin.googlepages.com/
http://debayan.wordpress.com
http://lug.nitdgp.ac.in
More information about the PackageKit
mailing list