What about zero-install?

Posted Jan 24, 2008 21:12 UTC (Thu) by vonbrand (subscriber, #4458)
In reply to: What about zero-install? by thierryg
Parent article: Fedora developers on PackageKit

Doesn't cut it. Each user installing stuff willy-nilly isn't a solution, it is a huge problem.

Sure, if it is a one-user machine, this works fine; but in that case, installing system-wide is not that much harder...


What about zero-install?

Posted Jan 25, 2008 13:03 UTC (Fri) by Tom2 (guest, #43780)

The page the GP pointed to only contains 147 words of text, including:

"Users can share downloads without having to trust each other"

It took 15 seconds for me to read the page (I timed it). You might also like to read this
page:

http://0install.net/sharing.html

OTOH, if you actually tried it and it didn't work (or caused "a huge problem") then by all
means post the details of what happened.

What about zero-install?

Posted Jan 25, 2008 13:22 UTC (Fri) by vonbrand (subscriber, #4458)

If you own the box, "install as a regular user" vs "install as root" is no big deal.

If it is a box with several users, "each one installs their own, untested stuff" is a headache in the best case, and a horrible security risk in any case.

Ever heard that Windows has to be reinstalled periodically due to being messed up by random installs? Happened to me too when managing a Unix/Linux system included fetching and installing software from source. Exactly the same situation here, user accounts will have to be rebuilt once entropy has become excessive.

What about zero-install?

Posted Jan 25, 2008 14:00 UTC (Fri) by Tom2 (guest, #43780)

Well, Windows doesn't even have a version of Zero Install, so it must have been something else
that messed it up. I'm not terribly familiar with Windows, but as I understand it,
installation works basically the same way as with RPM or dpkg:

- You get a package file, containing executable code (e.g. "setup.exe" or "preinst.sh").

- You run the executable code with admin/root privileges.

- The code makes whatever changes it feels like to your system.

Obviously, that's likely to mess up your system. However, I don't see how that applies to Zero
Install. In fact, Zero Install seems to be the exact opposite of the Windows/RPM/Debian
approach. Could you clarify what exactly you're worried about?

What about zero-install?

Posted Jan 25, 2008 15:02 UTC (Fri) by vonbrand (subscriber, #4458)

A messed up system because the sole user installed lots of junk is different how from a messed up $HOME because the user installed lots of junk?

If you look around, latest malware doesn't take over the machine (it has become harder as MSFT has slowly tightened security), they content themselves with using the user's resources. Users installing applications under their control is exactly what such stuff needs...

What about zero-install?

Posted Jan 25, 2008 17:14 UTC (Fri) by Tom2 (guest, #43780)

You wrote: "Sure, if it is a one-user machine, [Zero Install] works fine", so let's look at
multi-user machines, which is (presumably) what you have a problem with.

On a multi-user system, a messed up system is worse than a messed up user account because:

1) All users are affected.

2) Any security policies that might limit the damage (iptables, AppArmor, SE-Linux) are
compromised too.

On a single-user system (where the user is the admin) and where the user doesn't make use of
multiple accounts or other sandboxing or security technologies you're right: Zero Install
isn't a significant improvement on Debs. Except, of course, for the benefits mentioned by the
OP:

"No admin rights needed, minimal dependencies on the host, multiple (eventually conflicting)
dependencies handling, distributed depository setup (i.e. an ISV can publish software by
himself)."

(and let's all agree that on a single-user machine, a user who accepts Zero Install's "Do you
trust this GPG key" question is just as likely to enter the sudo password when dpkg prompts
for it).
