|
Description
Installing a software by double clicking on a .deb is now really simple thanks to gdebi. But a a software installed by this method will not be able to auto update. So I propose that a .deb will be able to propose to the user to add a repository in order to stay up to date.
Tags:
(none)
Attachments
No attachments.
Duplicates
Comments
|
retj wrote on the 19 Apr 08 at 12:11
| |
That is called 1-click install it's an opensuse feature, i've posted an idea for that could they be merged?
|
|
neotenshi wrote on the 19 Apr 08 at 13:07
| |
This is a good idea but it should ask the user if he wants to add the repository, it shouldn't add it by itself
|
|
Warbo wrote on the 19 Apr 08 at 14:01
|
All it needs to do is include a file like etc/apt/sources.d/package-name.list in its data archive. It could include a GPG command in its install scripts too to authenticate the repository (so no warnings appear).
Don't know if auto-signing keys would go down well with some people, meh.
|
|
sf_007 wrote on the 19 Apr 08 at 16:06
|
yeah, excellent idea, it would be much easier to install software and keep it up to date, just like you said, not add it by default, but instead propose that to the user...
nice one +1
|
|
peterjs wrote on the 19 Apr 08 at 19:50
| |
I'm going to agree with Warbo, there's no technical reason this can't be done today. If you really want to see this done go ask your third party providers to make it happen. -1 already implemented.
|
|
bobpaul wrote on the 19 Apr 08 at 20:14
|
This has frightening security implementations. Trusted repositories help prevent the situation we find on Windows, whereby people find dangerous software via search engines and install it on their own.
Installing a *.deb file /should not/ be as easy as installing from the repository. Application developers should submit their projects for inclusion in the main repositories, where they will at least be subject to some review prior to inclusion.
Additionally, as many have said, this is already possible. I would, however, have to classify anything that automatically signs keys as "exhibiting virus like behavior."
|
|
bielawski wrote on the 19 Apr 08 at 20:35
| |
-1. This is already possible - it's up to the developer of a package to set up a repo and add it to the user's list on install.
|
|
vexorian wrote on the 19 Apr 08 at 22:58
|
Oh gosh so many possitive votes.
Definitely -1. If there is a repo the developer should just tell you to use it.
|
|
holizz wrote on the 20 Apr 08 at 06:36
| |
-1 Add the repository yourself because this is a really bad idea. Although there's nothing but common sense and common decency preventing anybody from creating a deb which does this.
|
|
Eldmannen wrote on the 20 Apr 08 at 17:20
|
You can add your own custom repositories if you want.
.deb files are just packages, and does not contain any reference to any repositories, so this is not possible because it does not know where to find updates.
|
|
peterjs wrote on the 20 Apr 08 at 22:54
|
@Eldmannen
It's very possible. /etc/apt/source.list.d/foo.list is just a file, now given it's location it will be read in to the repository list by apt, and if it happens to contain valid repository listings for a repository that contains a deb the owns the file /etc/apt/sources.list.d/foo.list, you're off and running. There's no technical reason this can't be done today using the above method. But as others have posited I'm not sure this is the wisest or safest idea ever purposed.
|
|
mridkash wrote on the 21 Apr 08 at 15:10
|
-1
very unsafe. Repositories should be trustworthy.
Ask the .deb makers to include the product in official repository.
|
|
ubunteando wrote on the 24 Apr 08 at 14:06
|
TOTALLY AGREE.
previus comment: users should be aware of what packages they install as well!
|
|
_alex_ wrote on the 26 Apr 08 at 18:23
|
I think it's a great idea. Obviously it should be optional, at the end of the install a dialog box should ask:
"Would you like to keep this software up-to-date by adding [software source] to the repository? Yes / No"
To the people who say it's unsafe: it's not any more unsafe than installing the untrusted software in the first place.
To the people who say it's up to developers to add this to the installer: Most devs can't be bothered to do that, but if deb packages had an optional "source" field that could easily be specified with a packaging tool, then it'd become standard practice.
Just because something is possible doesn't mean it's easy. Ubuntu claims to be Linux for human beings, hence we should consider anything trivial (such as auto-update) that takes more than a couple of clicks broken.
|
|
peterjs wrote on the 27 Apr 08 at 06:57
|
@Alex
Developers don't make packages, packages and maintainers do. Now if they can't be bothered to include /etc/apt/sources.list.d/foo.list, or even set the repo up in the first place, what good does adding an extra field to the deb package standard? They're not using the tools they have now, how is creating new ways of doing things going to make the situation better.
|
|
_alex_ wrote on the 27 Apr 08 at 15:39
|
Paterjs,
Correct me if I'm wrong, but my understanding is that right now you actually need to write code to make the installer add the source list to the repositories. Hence you need devs to do it.
All I'm saying is that rather than rely on each and every software provider to collectively decide to include auto-update functionality (unlikely), we instead provide a standardized framework for them to do so easily.
|
|
peterjs wrote on the 2 May 08 at 06:08
|
Nope, no code need. All the packager needs to do is include an /etc/apt/sources.lst.d/foo.lst file in their package.
And there is a standard framework, you want to add a software source? put a file in /etc/apt/sources.lst.d/ that describes the source.
|
Post your comment
|
