[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apt repository interoperability (was: Bug#311188: Debian edu messed up my Ubuntu system.)

On Mon, 21 Apr 2008 09:42:38 +0200, Andreas Tille <tillea@rki.de> wrote:


[Removed bug address from cc list because it blurs the log]


Thanks


On Sun, 20 Apr 2008, Herman Robak wrote:



Repositories that look alike on the surface may or may not play nice
with each other.  They may be binary incompatible.  Their maintainers
may not endorse (i.e. support) other repositories that are intended to
be binary compatible, either.  Users who add third party repositories
are left to figure out this for themselves.  It's as if adding an apt
repository is an expert operation; User Beware!


But how to solve this technically???
Patch any editor (including echo and cat that might ">>/etc/apt/sources.list) 
to issue a warning about possibly dangerous results when you change
the repositories?


 Use a file access monitor (FAM or something similar).  I know, popping
up a dialog saying "it seems you are adding an APT source" is awfully
Clippy-like.  Any less obnoxious suggestions?



In how far is this action more or less dangerous as any other action
done by root?


 It isn't.  It just happens to be pretty common. Because it is frequently
encouraged, by HOWTOs and other users.  Installing stuff is a very common
task, and Debian's walled garden doesn't have ALL the desired stuff.

 Joe Average should hardly ever need to become root.  But he has to become
root to install software.  There's your test: "When does Joe Average have
to become root?"



I don't think we want to advertise loudly the lack of such safety
features.  But unless we do, I think it is the duty of Debian and its
derivatives to improve the safety nets.


How?


 I will not suggest quick fixes for this, because I don't think there
are any that would work well.  This is a design challenge.  Some thoughts:

1) Encourage the use of user interfaces to the APT sources list, instead of
editing it. Since those user interfaces are aware of the task they perform, 
 good instructions can be given and safety measures are feasible.
 Nag the user who edits sources.list by hand (using FAM?)

2) Make APT pinning a prominent feature; maybe the default for 3rd party
 APT sources.


 I'm pointing out a problem.  Not because I have devised good solutions
for it, but because I think the problem is real.  I know this places me
in the "talkers" camp, who are less entitled to an opinion than the
"doers".  But I still want to say this for the record.

--
Herman Robak
Reply to: