cypherbios.org — "With this new feature it will be possible to install applications just by clicking in a link that point to a new apt:// protocol, it will call a dialog asking if the user really wants to install that package, if yes the superuser password will be asked and the package will be installed. It’s simple like that :)"
Jul 10, 2007 View in Crawl 4
championchapJul 11, 2007
You have a point, but It's about as close to single click installation as you can get without completly losing security.I dont count the password typing as a click either.
weizboxJul 11, 2007
especially when Ubuntu over complicates the process..Having the add/remove applications AND synaptic defiantly made it a bit redundant..... and the fact that you can't add/remove some applications listed in the add/remove app just adds to the fun!
weizboxJul 11, 2007
as far as user interaction goes... it's somewhat the same. As far as what is actually going on, its defiantly different. You can only install programs that are already listed in the repos that you have added to your system... so you can't really download anything that's all that dangerous unless you have a repo added that is unsafe for whatever reason(you would probably have to go out of your way to do this).Glad to see people dugg you down and yet failed to leave a comment to help you out with your understanding... slackers ;)
powatomJul 11, 2007
While it is secure in the sense that only software in your repos would be installed, what's stopping me from creating a web-page about Linux software, with links which look like these apt-links, but are in fact calls to JavaScript functions which pop up a new window, get the user's password, and send it back to me? THAT is a security vulnerability. The website appears to be down at the moment so I can't check whether they've taken this into account, but I hope to god we see the following:1) The screen-darkening which password input windows force.2) Users smart enough to check the window icon and make sure it doesn't have the Firefox logo (or indeed, whatever browser they're using).3) If a clever web designer can create such effects, I hope there is some kind of 'proof' that the password box is the REAL password box and not a fake. It's hard to think of what could be possible to achieve this. Perhaps, when the user installs the software required to do this, they could be given the opportunity to 'customise' their password box so that they will know without a doubt that the password box they're seeing now is the real one. Maybe the user would input a line of text during install (Maybe their mother's maiden name, first pet, etc etc), and this would show up inside the box every time it was called?Can anyone confirm that the security of this thing is sufficient? Like I said, the website's down s I can't check :(
maybeway36Jul 11, 2007
Konqueror soon maybe?Who cares, I only use it for file management and FTP anyway.
pjbonovoxJul 11, 2007
*Runs and gets his virus, 'fake_made_up_application-0.1.deb' into the Ubuntu repos*
deq2Jul 12, 2007
awesome