On Fri, 2015-09-11 at 00:41 -0500, Michael Catanzaro wrote:
> Hi,
>
> You've posed a hard question that we've been ignoring because it's
> hard.

I think you are being unnecessarily alarmist and defeatist here. The thing to realize is that Fedora has no interest in *preventing* users from installing arbitrary software on their system. What we have an interest in is preventing users from being *tricked* into installing such software.

> Your key point is: "Packages not represented in Software are installed
> by users now, and these packages will continue to be installed if
> Software deigns to only expose xdg-apps."

I think we have to be clear here that Software currently shows only software that is built on Fedora servers. (There is discussion of changing it to allow for disabled repositories to end up in search results, but these would still be rare exceptions, carefully selected.)

What xdg-app allows is to make it plausible to greatly *extend* the set of software - to allow displaying results that are not built by Fedora. It can't be a complete wild west - there have to be mechanisms for reporting abuse, blacklisting apps, etc - but we can very viably allow people to download and run applications built by 3rd parties, without making every such app downloaded be able to do *absolutely anything on the system* as is the case now.

For applications built in Fedora - moving them to xdg-apps provides incremental benefits, such as having a security vulnerability in an application be localized to that application - so there's an incentive to work in this direction. But there's no point in just blanket kicking out all existing applications in Fedora out of Software unless they are packaged as xdg-apps - that doesn't benefit the user.

> The compromise solution will probably wind up being that Software only
> exposes xdg-apps, like you fear, but I'm going to argue that doesn't go
> nearly far enough. You maybe haven't considered that we have a
> compelling interest to make sure users can run only sandboxed xdg-apps,
> period, so that bad guys can't own users' computers by putting custom
> installers and RPMs up for download on their web sites. But we also
> want to make sure Fedora remains a general purpose OS that the user has
> full control over: we're not respecting the user if we limit what he
> can do like an iThing. The goals are contradictory.

We might want to eliminate the behavior where, currently, you can click on an RPM link and the RPM is opened by GNOME Software. Or at least the ability to override the default rejection of unsigned packages by entering an admin password. But that doesn't mean that we're preventing people from installing such RPMs and taking the control of the system away from the people using the system.

- Owen