Effort is beyond abilities of average ISV

Posted Jan 20, 2008 10:04 UTC (Sun) by NAR (subscriber, #1313)
In reply to: Effort is beyond abilities of average ISV by tzafrir
Parent article: Fedora developers on PackageKit

I'm afraid most people are not interested in security updates, especially if they can't install the damn thing in the first place. Currently the "Next->Next->Finish" type installer usually works better (for installing!) for casual users than installing some 3rd party Linux package.

Anyway, how many applications can really be vulnerable to a libpng bug? The browser, the mailer, some media player? Most of them do get security updates, unless the user turned it off.

Bye, NAR


Effort is beyond abilities of average ISV

Posted Jan 20, 2008 12:59 UTC (Sun) by tzafrir (subscriber, #11501)

Again, we have those in Linux (e.g., klik). And they are not popular, for a good reason.

next->next->next does not include the time it takes to:
* Locate the software
* Verify that it is not a trojan

The mere fact that you have to ask the user questions is a usability bug. In Debian it was
fixed long ago with debconf: a standard way to ask questions, with priority (so you can tell
the installed package to only ask important questions, or ask all questions), and you can
provide answers in advance.

Effort is beyond abilities of average ISV

Posted Jan 22, 2008 13:19 UTC (Tue) by petebull (guest, #7857)

And if they use a standalone installer, they have yet another application 
they have to look after to stay secure.

If they put up with the burden to add the repository, verify the 
repository signing key and install it with the distribution's package 
management system, the updates will come in like any other security patch.

ISV packaging will lead to even more code duplication with libraries like 
libpng etc.

IIRC openSUSE's One Click Install provides a way for the casual user to add 
repositories and install software with one click.
