On Fri, Jan 24, 2014 at 19:21:23 +0200, Elad Alfassa <elad@xxxxxxxxxxxxxxxxx> wrote:
Adam, the problem is that it's extremely unintuitive for a user when it's "download a package with the .repo in it you found on a random search on google, and THEN use Software to search for the app you wanted to install". People unfamiliar with the underlying architecture will not understand that easily. If we could make it so that a package could both install a repository file AND software from that repository (also known as "one click install") that would solve that problem, but will still introduce a problem of security, because it will encourage users to download random software from the web, essentially invalidating all the security benefits of a package management system.
Downloading commercial software is a security problem in the first place. I wouldn't expect downloading random software to be much worse. I suppose that would depend on the space you are selecting from, but for at least some ways of hearing about software, I would expect the commercial stuff to be much more likely to have anti-user features and bundled libraries with known security problems than some small open source project.
-- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop