[packagekit] PPA + Servers

Martin Owens doctormo at gmail.com
Fri Jul 22 18:09:51 PDT 2011


Hey Jean and Richard,

Allow me to jump in here with a philosophical point about security in
package archives.

Any package in any archive could have malicious code in it. When we
trust a package archive we're trusting the archive maintainers to keep
the archive clean of malicious packages and fairly cruft free.

This trust we place in the archive maintainers extends in two forms. We
trust them morally, that they will do the right thing and not abuse
their position of power committing crimes. And we trust their competence
at being good at checking packages work.

None of this type of language exists in Debian or Ubuntu when a user
adds a PPA or other archive to their lists, or when they add a key. The
key adding process is done automatically if you use apt-add-repository
or worse, it's done tangentially if you use apt-key. This of course
offers no opportunity for the user to be educated about the implications
and of course offers no real friendly identifier to exactly who it is
who is being trusted with root access. (I assume good PolicyKit
configuration would prevent some root things from happening)

Overall as a community I believe we have failed to identify the core
designs of identity, relationship and trust and certainly failed to
bring any of this functionality over to GUI users via APIs. What users
need is to be able to manage their relationships, not their keys. They
need to be able to identify and sanctify trust and if possible, verify
the relationship with other people in their community before they trust
them.

Overall, I don't think we can solve some of the "App Store" trust issues
without first solving some of the deeper GnuPG, identity and signing
concept design issues first.

Thanks for your indulgence.

Best Regards, Martin Owens

On Fri, 2011-07-22 at 19:20 -0400, Jean-Pierre Vidal Piesset wrote:
> IMHO the lack of being able to add a new PPA (even if it can be a
> security problem according to your words - I did have no idea about this)