AptUrl – Why don’t we use it for the Ubuntu wiki?
I often recommend Ubuntu to people and recommend that they install programs like miro, and geany. Geany comes stock in the Ubuntu repositories and miro has great step-by-step install instruction for beginners, however as I make this post they currently have no official Gutsy support. When I recommend a program to a user I usually send them the command line install command sudo aptitude install geany as well as sending them instructions
Go to System, then Administration, then click Synaptic. From there you can search for geany and you should be able to double click the name then click install and Ubuntu will install geany for you.
In my mind both solutions extremely simple, but then I have been using Linux for a while now and am a computer geek. I was trying to set up ssh the other day for a friend and they where complaining to me about how on Windows they can just click the program the select run, I claimed that you could do the same thing in Ubuntu (with a deb file) but the claim was that the website (repository browser) was ugly, and well I cant really argue with that. Now that Geany is out I can go back to my friend with another solution and if they want to install Inkscape I can just say “here you go“.
The only downside is that currently adding a new repository is disabled, my two cents is that we should give the user a nice large warning then go ahead and add the new repository. Another anoying and easily fixed thing is that I was looking at the Ubuntu wiki for games yesterday and I thought “ohh I’ll add in some apt:// URLs so that users can just click to install games”, but currently the Ubuntu wiki doesn’t support apt:// URLs so I got them working on my own wiki, just to make sure that it was easy and started a list of my favorite applications.
I guess I really have 2 requests:
- Enable AptUrl to add third party repositories, I’m going to download the code eventually and take a look at this and post a deb file if I make one. But It would be great if someone beet me to it.
- Add support for apt:// URLs on the Ubuntu wiki.
Oh and thanks for such a great feature.
You don’t mean 3rd party repos (as apturl will install anything already in your sources.list), you mean arbitrary repositories.
And that’s a *horrible* idea.
It’s a horrible terrible no good very bad idea because it more or less allows random people to sneak deb installations into places you wouldn’t think. All of the sudden people will need to hover over links in firefox just to make sure they’re not malicious, and even then, you’ll get international characters that look benign and bad things will happen.
Lets please not turn ubuntu into windows. Please?
There is a Gutsy Release Candidate of Miro just released. The final version I read here should be out next week.
I haven’t heard of apturl until today.
Anyhow, I am just wondering how safe it is to have third-party repos. Sometimes things break when installing or upgrading something because of a problem with third-party repos.
New URI Schemes Considered 99% Harmful. See http://infomesh.net/2001/09/urischemes or an appropriate Google search.
The Nokia N800 has a “one-click install” feature in which files with a magical MIME type, which point to apt package names, are downloaded over any protocol of your choice (so, in practice, http). That MIME type is associated with the package management UI, so downloading a file of that type causes the package management UI to run. This is a much better way to hook apt into the web.
In the Nokia implementation the “pointer” files can also name a third-party repository. The UI gives a warning about adding this third party repository, although I don’t think it’s really enough for such a dangerous action.
AptURL adding 3rd party repos is a terrrrrible idea. AptURL is only a safe feature because it cannot do that. Will almost inevitably lead to many new users unfamiliar with this risky business having compromised systems.
@No One In Particular With a large warning I feel it is sufficiently safe to install 3rd party repository, users are going to do it anyways so we just need to warn them. If it is so bad then why do we show users how to do it on (http://help.ubuntu.com/community/Medibuntu)
@Hugh that requires a 3rd party repository.
As for the rest of you thanks for the comments I promise I will respond later, no one has any feedback on adding the apt:// to the Ubuntu wiki?
totally agree
Anyway we WON’T let people to add 3rd party repo
Preventing themselves to break their own system
Apturl rocks for sure!
I don’t like apturl, what’s the point of this? Turning a nice distro into an ugly I-can-install-everything–in-one-click Windows-like system? Let’s stop thinking people are idiots, launching Synaptic and clicking on a software to install it is not that hard. And if someone is not willing to learn to do that, he should not even try to use a computer in the first place.
The point is to give people another option for installing applications. One of the things that people like about windows is that there’s ten different ways to do any one thing. Flexibility, so that Linux appeals to the geek and the novice alike.
Jeff, I think you hit the nail on the head, giving users another option is a great thing!
The real danger here, IMO, is that the wiki pages are easily editable. You would essentially be allowing people to install packages with absolutely no way of determining if they are safe. The instructions for Medibuntu are much different because that is a signed and known repo. Somebody could spoof the Medibuntu page I suppose and redirect but it would be trivial to add a URL to a wiki page to point to your trojan, etc.
I don’t particularly buy the “they’re going to use 3rd party repos anyway” argument. Just because they do it doesn’t mean we should encourage it. There should really be a rather small set of packages that we can’t provide via standard repos.
I dont think third party repo adding is a good idea…. to easy to install damaging repos
Also why oh why is the protocol only registered in FF? It would be nice to be able to email links to my grandma so she can install “bridge”
@LaserJock
I’m not sure I see the difference between click a link and getting the message\
“you are about to install xxxx to install xxxx we must first add repo yyyy, would you like to add repo yyyy to install xxxx”
and
to install xxxx please first ad repo yyyy to your sources.list
either way I can edit a wiki page and change what yyyy is.
@Killerkiwi
Can you tell me what FF is?
It’s obvious that killerkiwi means Firefox with FF (the official abbreviation is Fx, btw), and I fully agree with his comment, I’d like to be able to use apt:// on liferea, for example, and other programs.
RainCt and Killerkiw, I think you are right being able to use the apt:// protocol with other browsers and programs (sending it over gaim would be cool also) would be great.
I’ve been silently hoping for a long time that this will happen. To the opponents of the idea, all I have to say is that almost everyone adds third party repos anyway, and making features deliberately harder to use is not how you achieve security.
I just installed miro through the official Ubuntu repos.
@Jon I think thats great, but there is always going to be 3rd party aps that people want. Acroread for example.
Right now apturl is relatively safe because to add a repo the user must manually add it. This is the safeguard. Allowing a repo to be added via URL string and then installed is a very “Microsoft/Activex” thing to do.
IMHO, we as a community should discourage the use of 3rd party repos with the same energy we discourage the use of Automatix. At the same time, adding resources to get the most popular programs into the Ubuntu Repos and keep them current. Do that, and the draw to a 3rd party repo, for the average user, pretty much disappears.
How can you add apturl link support to media wiki? By default it doesn’t seem to work.
orvils, see: http://www.mediawiki.org/wiki/Manual:$wgUrlProtocols
My localsettings.php looks like this:
# http://www.mediawiki.org/wiki/Manual:$wgUrlProtocols
$wgUrlProtocols = array(
‘apt://’,
‘http://’,
‘https://’,
‘ftp://’,
‘irc://’,
‘gopher://’,
‘telnet://’, // Well if we’re going to support the above.. -ævar
‘nntp://’, // @bug 3808 RFC 1738
‘worldwind://’,
‘mailto:’,
‘news:’
);