[packagekit] One click web based installation UI
Dan Kegel
dank at kegel.com
Sun Apr 19 06:44:34 PDT 2009
On Sun, Apr 19, 2009 at 6:23 AM, Abhradip Mukherjee
<abhradipmukherjee at gmail.com> wrote:
> * An overview of my proposal
>
> To create an online software archive for Fedora which gives the user a one
> click install facility, my approach is based on community contribution.
> Instead of going for a synchronized UI for repository, I created a drupal
> based website that has an archive of software installer scripts for various
> versions of Fedora. The archive is maintained by the community and they
> update/comment on the software. The website is indexed and keyword searching
> can be used to search the software of choice. The shell scripts are
> executable text files with .qi extension. They are made in such a way so
> that user can install it by executing just once. The whole archive can be
> edited by ever member and any member can upload a new shell script for
> installation of any software.
>
> The proposal has been converted to a website already (
> http://install.passion4freedom.07x.net ).
The first question that comes to mind is, can I own
your box by fooling you into clicking on an evil .qi file?
The second question is, how do you handle updates?
Applications that aren't updated are security hazards.
Decoupling installation from the repository-based
autoupdate system seems like a Really Bad Idea.
The third question is, why should people trust a random
collection of packages maintained by somebody who
didn't anticipate the previous two questions?
Why not put the packages into a repository, and
use Suse's One-Click-Install format for your
text files? That would let you provide updates.
There is already code to add support to Packagekit
for that format, though it hasn't been polished enough
yet to be accepted.
The only rough spot left, really, is the question of
trust; Richard and others are not at all happy with
any UI change that makes it easy for people to
say they trust a third-party collection of packages
without really thinking about it.
- Dan
More information about the PackageKit
mailing list