[Zope-Coders] Re: (Off-topic) Linno
Shane Hathaway
shane@zope.com
Mon, 16 Sep 2002 13:22:16 -0400 (EDT)
On Mon, 16 Sep 2002, Guido van Rossum wrote:
> > > > (On a tangent, there ought to be a program called "Linno Setup".
> > > > It would provide an easy installation wrapper for Linux software
> > > > downloaded from the 'net, bringing a lot more people to Linux.
> > > > I think this hasn't been done yet because of concerns over Linux
> > > > viruses, but we could deal with most of that through code
> > > > signing.)
> > >
> > > I was with you until the last sentence. Why would an easy to use
> > > installation wrapper have more risk of transferring viruses than,
> > > say, RPMs?
> >
> > Because a lot of people, including myself, generally install only
> > signed RPMs (with a verified signature). A similar level of
> > assurance needs to be added to installers before they can be
> > trusted. Code signing isn't a perfect solution, but it at least
> > lets you verify that software comes from where you think it comes
> > from.
>
> Sure, but I don't understand why you think that this issue gets in the
> way of someone developing "Linno". If RPMs can be signed, then why
> not Linno?
I didn't mean that there are any obstacles in developing "Linno", only
that it should emphasize security. We agree, I think. ;-)
Shane