[packagekit] Res: One click install support in PackageKit

Dan Kegel dank at kegel.com
Tue Mar 24 04:44:43 PDT 2009

On Tue, Mar 24, 2009 at 1:28 AM, Richard Hughes <hughsient at gmail.com> wrote:
> On Tue, 2009-03-24 at 06:49 +0530, Debayan Banerjee wrote:
>> 2009/3/24 Daniel Nicoletti <dantti85-pk at yahoo.com.br>:
>> > Hi, i think you would like to take a
>> > look at http://packagekit.org/pk-faq.html#1-click-install
>> >
>> So should I forget about this project totally?
> No, if you are able to address the security concerns, then I think it is
> very worthwhile. The easiest thing to do is just copy the suse reference
> OCI implementation which in my opinion is horribly insecure.
> Also, I think someone in google tried to do this a few months ago;
> probably worth searching the archives for links. Thanks,

Yeah, that was me and a summer intern, Dorian Perkins.
You can see a tarball of his work at

The approach we took was to not allow adding new
repositories via oci -- the most we did was enable
existing repositories that were disabled.  He
didn't get very far, but he does have a demo of
how to do an oci-like thing with the PackageKit C

I still think this is worth working on.  There are
many things that could be done to provide
some security.   See also
and the resulting discussion (some of which is elsewhere, e.g.
http://duncan.mac-vicar.com/blog/archives/414 )

There isn't going to be any consensus from just
talking about this; what's needed is to try out some
of the existing ideas.
- Dan

More information about the PackageKit mailing list