Blog Post

My thoughts about Apt URL

  • Everything you need comes on one CD
  • Ubuntu is designed with security in mind

Both of the above lines were taken from the What is Ubuntu? page on the Ubuntu website. If this is still true, then we don’t need Apt URL do we? If it isn’t true, and we do in fact need something like Apt URL, shouldn’t these 2 lines be removed from the website?

The need for Apt URL simply tells us that Ubuntu doesn’t have everything you need on one CD. In the AptURL Policy Discussion blueprint on Launchpad, Rick Spencer states the following:

It should be much easier than it is for developers to get their apps to users, and it should be much easier for users to install such software. PPAs is potentially a good way to do this. Finding PPAs and exchanging keys should be much easier.

I couldn’t agree more, and can see how AptURL might actually work for this. But. Of course there is a but, otherwise this post would be more useless than it probably already is. The developers of the software that must be easier to get, should probably communicate with the distributions a bit, let us know they have a new release they would like to get into Ubuntu or they have new software. If we can’t get the software into the current release or the next release, then a PPA is perfect for this. But instead of me, Martin Owens, or anyone else for that matter, publishing software to a personal PPA, why not have the teams do it instead? The Kubuntu Team has a PPA, and I know a lot of the other teams do as well. Why don’t these teams publish it into their PPAs? This way here we don’t have to worry about the whole trust thing. With it going into a team PPA, the chance of more eyes seeing it before it is released to the masses is higher than it would be if I were to package and upload to my PPA. Using Launchpad, put an Apt URL button, similar to the One-Click buttons that openSUSE uses, on the team’s PPA page, if we really need Apt URL that bad.

The whole security minded thing was added because I can’t think of one way to really make this whole Apt URL thing secure, can you? GPG keys won’t do it, creating some network of trust won’t do it. Look at the sites that allow developers of Mac OS X and Windows software to distribute their stuff, do you see “This person is in our web of trust”? No, what you might see is a list of comments, and after a product has enough comments, it can get that whole “Preferred Developer” type of tag added to their name. Kind of like Pirate Bay does with people who distribute stuff there. They use a skull and a color to represent people of trust or good faith, which is kind of odd. At first I saw the skull and thought, oh stay away from that one. Security will always be a bitch with Apt URL. I was looking to see what kind of policy openSUSE had with One-Click stuff and I couldn’t find anything. Did they realize it was a “Use at your own risk” type of deal instead of spending the past 2 or 3 development cycles trying to figure out a policy that just isn’t there?

The fact that it is considered not easy to add a 3rd party repository should speak volumes in itself. We want to protect our users any way we can, and Apt URL will prevent us from doing so, from what I have seen thus far. You could of course prove me wrong, and I hope that happens soon! If a user doesn’t understand how to add another repository, should they really be trying to add it at all? What is the reason for them trying to add another repository?

Is it because:

  • The package isn’t available in Ubuntu?
  • The package is outdated in Ubuntu?
  • The package is broken in Ubuntu?

If you answered yes to any of these, then your excuse of using Apt URL is nothing more than a band aid for problems in Ubuntu. But the package isn’t available in Ubuntu. Did you or anyone else file a bug to get the package in Ubuntu? No? That is definitely a reason why it isn’t in there, but I can understand this. Maybe you don’t know how to file a bug, and if this is the case, then maybe we should spend time somewhere else instead of Apt URL so we can make that process even easier, because the ability to file a bug is far more important than the ability to add a 3rd party repository that is loaded with candy from a stranger. How about the bug is filed, but nobody is looking at it? That is a problem with Ubuntu, so maybe we should spend time on figuring out how to fix this? How about it is packaged and sitting in REVU which nobody has looked at since September or something? Yet another problem with Ubuntu, and something we need to spend time on. The list can continue and cover an outdated and/or broken package as well.

Are people pushing Apt URL as a band aid for Ubuntu? Will Apt URL really make it easier for software developers to push their products to the public? Fill me in, what am I missing? Why is Apt URL so important?

Addition: Wanted to also note that I don’t think apt-url will fix the issue of getting the latest software out there or fixed software much better than it already is. If Ubuntu is experiencing problems that are causing this band aid to be created, then what are we going to do in order to provide another band aid when the people running these “whitelisted” repositories start to dry up? If these people running these “whitelisted” repos can contribute to their own repo, why can’t they contribute to ours? Shouldn’t we be trying to recruit these people? Shouldn’t we be trying to hold on to the ones we have now?
