> One solution would be giving apps an option to add a remote and install
> the required runtime from it, but Alex sees that as a potential
> security issue.

Can you elaborate? What security issues? Could installing runtime X subvert runtime Y used by other apps, e.g. by claiming that X is an update for Y? In that case I'd expect that GPG keys have to match, or something like that.

> If the required runtime were not in one of the trusted remotes, the
> user would be told that the runtime was not found in trusted remotes
> and he'd have to install it manually before installing the app.

How is this fixing the security issues? Most users will happily confirm a dialog, without studying key fingerprints etc.