Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Ubuntu Still Trying To Lock Down Third-Party Debs

  1. #11
    Join Date
    Sep 2008
    Location
    Vilnius, Lithuania
    Posts
    2,595

    Default

    Quote Originally Posted by Chewi View Post
    With btrfs/LVM snapshots, this is actually surprisingly easy to implement, at least on a sequential basis, which is just as good as Windows Restore.
    Just as good? It's a lot better, and it's already working. We call it Snapper, at least here on openSUSE.

  2. #12
    Join Date
    May 2012
    Location
    Missouri
    Posts
    59

    Default

    I like how Android shows what permissions an App requires to function on your device. I know a desktop OS is not the same, but it would be nice direction to head. That way when you decide to install, the deb tells you what level of access it requires. Unfortunately, you'll never get everyone to proceed with caution, but making things too difficult will push people away like UAC did in Vista.

  3. #13
    Join Date
    Jul 2010
    Posts
    51

    Default

    How about instead of forcing policies on the users to make it a hassle to install 3rd party software, we instead try to teach the users what to trust and what not to.

    A few simple guidelines should be enough, things like Ubuntus own repo is considered trustable and should be used when possible. If not, use a signed repo that could be considered trustable. Only install .debs manually if you really really have to, and GDebi on Debian already advices you to install the repo version of a package if it's available.

    In my opinion, this approach is far superior to automated policies. Remember, the bad guys could always lie. If you tell them the truth before they encounter the lies, they have a fair chance at detecting it.

  4. #14
    Join Date
    Oct 2007
    Posts
    1,283

    Default

    Quote Originally Posted by schmidtbag View Post
    I think a more realistic problem to fix is preventing people from downloading packages such as .rpm when ubuntu (by default) doesn't support them.
    Why is that an issue? An .rpm won't install, so it's not dangerous (and if you're smart enough to actually use alien to get the package installed, then you're smart enough to realize the risk involved).

  5. #15
    Join Date
    Dec 2010
    Location
    MA, USA
    Posts
    1,375

    Default

    Quote Originally Posted by DanL View Post
    Why is that an issue? An .rpm won't install, so it's not dangerous (and if you're smart enough to actually use alien to get the package installed, then you're smart enough to realize the risk involved).
    Well yea, to us it isn't an issue, but its confusing and annoying to newbs. It isn't really a big deal anyway, but I'm just saying, if they're going to make a fuss about 3rd party packages, .rpms are more of an issue than rather being officially supported.

  6. #16
    Join Date
    May 2012
    Posts
    8

    Default

    The question is really what road they want to take. Either they can with the super secure way where everything is controlled, or they could learn their users to not add repositories they're not sure about. And certainly not run programs as root.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •