Monday 13 May 2013

Re: App installer design: click packages

On Thu, May 09, 2013 at 02:47:47PM +0400, Sergey Shambir wrote:
> 1. Declarative manifest
> Main benefit is ability to handle this file automatically: index it,
> provide UI and either generate automatically from build system
> information or parse to get information back.

In my mind, the main benefit is that we eliminate root-privileged
maintainer scripts. The current situation with Debian is that all
package maintainers have the ability to write a postinst script that
will run as root on your system, and this script can be in any
language, without any form of controls on it.

That kind of situation made sense in 1993 when there were only a few
dozen package maintainers who all knew and trusted each other, but it
really hasn't scaled. Just think: every package you've ever installed,
every PPA you've enabled, you've implicitly given root access on your
machine to the author of that package. Who are these people? Do you
trust them? It's insane!

The goal of a declarative manifest is to make it possible to install a
package on the system which does not require unlimited arbitrary root
code execution by random untrusted packages downloaded from the
internet.

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
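To make the argument above concrete, here is an added example (not code from the thread or from click itself) of what "no arbitrary root code" looks like in an installer: the manifest is data with a fixed vocabulary, anything outside it is refused, and the installer derives every action itself. The key names, hook types and install prefix are assumptions for illustration, not click's actual schema.

```python
import posixpath

# Added illustration of the "declarative manifest" argument in the message.
# Key names, hook types and the install prefix are assumptions for this
# example, not click's actual manifest schema.
ALLOWED_TOP_KEYS = {"name", "version", "framework", "hooks", "files"}
ALLOWED_HOOK_TYPES = {"desktop", "apparmor"}  # fixed vocabulary: data, not code


class ManifestError(ValueError):
    """Raised when a manifest asks for something outside the vocabulary."""


def _path_problem(path):
    """Absolute paths and '..' would let a package write outside its own tree."""
    if path.startswith("/") or ".." in posixpath.normpath(path).split("/"):
        return "path escapes the package directory: %r" % path
    return None


def manifest_problems(manifest):
    """List what the installer refuses (empty means accepted); there is no
    'postinst'-like key, so package authors cannot hand the installer code."""
    problems = []
    unknown = set(manifest) - ALLOWED_TOP_KEYS
    if unknown:
        problems.append("unknown manifest keys: %s" % sorted(unknown))
    for app, hooks in manifest.get("hooks", {}).items():
        bad = set(hooks) - ALLOWED_HOOK_TYPES
        if bad:
            problems.append("app %r: unsupported hooks %s" % (app, sorted(bad)))
        problems += [p for p in map(_path_problem, hooks.values()) if p]
    problems += [p for p in map(_path_problem, manifest.get("files", [])) if p]
    return problems


def plan_install(manifest, prefix="/opt/apps"):
    """Turn an accepted manifest into plain data operations (no package code)."""
    problems = manifest_problems(manifest)
    if problems:
        raise ManifestError("; ".join(problems))
    root = posixpath.join(prefix, manifest["name"], manifest["version"])
    plan = [("mkdir", root)]
    for path in manifest.get("files", []):
        plan.append(("copy", path, posixpath.join(root, path)))
    for app, hooks in manifest.get("hooks", {}).items():
        for kind, target in hooks.items():
            plan.append(("hook", kind, app, posixpath.join(root, target)))
    return plan
```

The contrast with a postinst is that the plan is a list of data records the installer constructed, not a program the package author wrote, so whatever privilege the installer holds is never delegated to the package.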