
Re: Apt repository interoperability (was: Bug#311188: Debian edu messed up my Ubuntu system.)



On Mon, 21 Apr 2008 16:42:21 +0200, Caroline Ford <caroline.ford.work@googlemail.com> wrote:

On 21/04/2008, Andreas Tille <tillea@rki.de> wrote:

So you would like to file a wishlist bug to the Ubuntu BTS that
 users should be warned if they include Debian related apt lines??
 I'm keen on hearing what Ubuntu developers say about this. ;-)

Actually Ubuntu users are very good at installing random repositories
(especially from the forums) and complaining when it doesn't work.

We have lots of bug reports connected to this, especially when
upgrading, but also errors people get from having lines like wget foo
in sources.list.

 Thanks for the empirical input: It's a fact that many users do this.
This is a potential burden on the community (support, reputation ...)


 > Repositories that look alike on the surface may or may not play nice
 > with each other.  They may be binary incompatible.  Their maintainers
> may not endorse (i.e. support) other repositories that are intended to
 > be binary compatible, either.  Users who add third party repositories
 > are left to figure out this for themselves.  It's as if adding an apt
 > repository is an expert operation; User Beware!

They may be malware too.

 Indeed!  User beware.  Is there anything in place to help the user
assess the trustworthiness of a repository?


 > Apt is an awesome package manager framework.  It has a lot of power!
 > But it is a powertool with few safety features aimed at Joe Average.


But root is not Joe Average.  If Joe Average decided to become root
 he takes over some responsibility.  We can't help here if he has
 not read the docs before.

Desktop users are generally roots on their own machines. You can't
install software any other way. Jo Average has to have sudo or her
machine is much less usable.

 Actually, Debian users have to install software, too.  I don't expect
most of them have all they need right after the base installation has
finished.  And I don't expect Joe Average to morph into a different
personality every time he uses su to become root, because he needs to
install something.  He is still Joe Average, with a root prompt.


Our userbase loves to experiment, this is why they are using Ubuntu
rather than sticking with being windows power users. However once you
leave the handholding (and restrictions) of gnome we don't necessarily
have the educational resources to stop them breaking everything
totally. Some of this is the forums, but would a large warning in
sources.list help?

 Alas, a "don't touch this unless you know what you are doing" will be
like crying "wolf!" here.  Maybe the user isn't all that afraid of
breaking the system.  Reinstall is easy, and recent converts from
Windows will not be embarrassed by resorting to that. ;-)
 No, I think the more sinister threats are relevant: Your machine may
be 0wned, and your data destroyed or compromised.  Ultimately your
machine may be usurped by criminals, which can hurt other people, too.
And that will be YOUR fault.
 The above is true, and quite obvious.  But users don't really want to
hear and believe that.  They need to be humbled first.  And I don't
believe Debian nor Ubuntu has the manpower to humble them quite enough.


We are good at telling people that windows is unsafe, and most of our
users would never dream of running windows without an antivirus and
firewall, and wouldn't open random attachments etc. However as soon as
they get on 'virus-free' Ubuntu they behave in a very unsafe way.
Condoms for the userbase? People don't know how unsafe installing
random repos is. Maybe it'll take a disease outbreak for the message
to get across (alas).

 You won't like to hear this ...

 The message will never come across to everyone.  There will always
be a significant minority who don't get it.  Go ahead and read "The
Six Dumbest Ideas In Computer Security" by Marcus Ranum.  Skip to
point #5, "Educating Users".

http://www.ranum.com/security/computer_security/editorials/dumb/


 As long as Debian has a "desktop" item in the installer, the PEBKAC
category _will_ be our problem, too.

--
Herman Robak

