[Zope-Coders] Re: (Off-topic) Linno

[Shane Hathaway]

On Mon, 16 Sep 2002, Guido van Rossum wrote:

> > From: Shane Hathaway <shane@zope.com>
> >
> > (On a tangent, there ought to be a program called "Linno Setup".  It
> > would provide an easy installation wrapper for Linux software downloaded
> > from the 'net, bringing a lot more people to Linux.  I think this hasn't
> > been done yet because of concerns over Linux viruses, but we could deal
> > with most of that through code signing.)
>
> I was with you until the last sentence.  Why would an easy to use
> installation wrapper have more risk of transferring viruses than, say,
> RPMs?

Because a lot of people, including myself, generally install only signed
RPMs (with a verified signature).  A similar level of assurance needs to
be added to installers before they can be trusted.  Code signing isn't a
perfect solution, but it at least lets you verify that software comes from
where you think it comes from.

Shane