Ubuntu: Apt-Url and the White-List

Today I’m going to talk a little about one of the sessions at the Ubuntu Developers Summit: a session about AptURL policy, specifically how to deal with Debian repository links and how best to add them.

At the moment in Jaunty the functionality to add PPAs and other repositories with a single click is developed but turned off. The fear that turned it off is that a user could add just about anybody’s repository and install anybody’s software without so much as a security check to see whether what they are installing is safe.

So what was the problem? Well, a number of staffers at Canonical want to make a white list, which would give Canonical or the Ubuntu Technical Board implicit trust on every default Ubuntu installation to select which repositories it considers safe. On the other hand, some community members are concerned that giving Canonical this power could easily be misused by keeping competitors out or favouring corporate partners over individual developers. Those on the white list would enjoy one-click installation of repositories (including PPAs), while those not on the list would be relegated to the current system: hacking the user’s sources by hand and trying to convince them to add a GPG key manually. To get on the list a repository would need to sign an agreement stating the stability of its packages and so forth (which is not a bad thing IMO).

My position is user centric. Unsurprisingly, while I would be in favour of allowing users to mess up their own machines if they wanted to, I’m much more concerned with the duplication of yet another trust system, and one that would be technically inflexible.

What I would prefer to see is a system of identity trust and qualitative peer-review scoring based around GPG keys and some form of open quality system. One where the Technical Board trusts Dell, and if I trust the Technical Board, all is well and I can trust Dell, with a nice little pop-up box telling me everything I need to know to make an informed choice. What I would not like to see is Dell software installing automagically without ever asking me what I wanted.

On the other hand, if I wanted to install something from my own PPA, then I should in theory be able to express my social trust and technical confidence through the exact same system. I believe in providing the end user with as much relevant information as possible and then handing ultimate control of their own machine back to them. While it’s true that lots of users are not well trained on security issues, I would not want to see us give in to the idea that all (or any) users are incapable idiots who could never be educated and would always click away everything.
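To make the two-part model above concrete, here is a small added example (my own sketch for this post, not code from AptURL, apt, or any mockup) that keeps identity trust and peer-review confidence as separate questions. It models key certifications the way OpenPGP does, walks a bounded chain from the keys the user trusts (say, the Technical Board) to a repository’s signing key, and then classifies the repository for the install dialog. The key names (TechnicalBoard, VendorKey, MyPPA and so on), the confidence scores and the thresholds are all constructed for the illustration.

```python
from collections import deque


class TrustStore:
    """Toy model of GPG-key based repository trust (constructed example).

    Two separate questions are tracked, matching the distinction in the post:
      * identity trust: does a chain of key certifications lead from a key the
        user trusts (e.g. the Technical Board) to the repository's signing key?
      * confidence: an open peer-review score for the publisher, independent of
        who they are.
    """

    def __init__(self, max_depth=2):
        self.certifications = {}    # signer key id -> set of key ids it certified
        self.roots = set()          # keys the local user trusts as introducers
        self.confidence = {}        # key id -> peer-review score in [0, 1]
        self.max_depth = max_depth  # hops from a root before a chain stops counting

    def trust_root(self, key_id):
        """The user vouches for this key directly (e.g. their own PPA key)."""
        self.roots.add(key_id)

    def certify(self, signer, subject):
        """Record that `signer` certified `subject`'s key: an identity claim only."""
        self.certifications.setdefault(signer, set()).add(subject)

    def score(self, key_id, value):
        """Record a peer-review confidence score for a publisher's key."""
        if not 0.0 <= value <= 1.0:
            raise ValueError("confidence score must be in [0, 1]")
        self.confidence[key_id] = value

    def trust_path(self, target):
        """Shortest certification chain from a user root to `target`, or None.

        Bounded breadth-first search: each certification adds one hop, and chains
        longer than max_depth are ignored so trust does not propagate forever.
        """
        if target in self.roots:
            return [target]
        queue = deque([root] for root in self.roots)
        seen = set(self.roots)
        while queue:
            path = queue.popleft()
            if len(path) - 1 >= self.max_depth:
                continue
            for nxt in self.certifications.get(path[-1], ()):
                if nxt in seen:
                    continue
                if nxt == target:
                    return path + [nxt]
                seen.add(nxt)
                queue.append(path + [nxt])
        return None

    def decide(self, repo_key, min_confidence=0.5):
        """Classify a repository signing key for the one-click install dialog.

        No outcome installs anything silently: the best case is still a prompt
        that shows the user the chain and the score before anything happens.
        """
        path = self.trust_path(repo_key)
        score = self.confidence.get(repo_key)
        if path is None:
            action = "manual"   # identity unknown: import the key by hand, as today
        elif score is None or score < min_confidence:
            action = "warn"     # identity known, but peer review absent or weak
        else:
            action = "prompt"   # identity known and reviewed: offer one-click, with a prompt
        return {"key": repo_key, "chain": path, "confidence": score, "action": action}


def demo():
    """Constructed scenario: the user trusts the Technical Board, which certifies a vendor."""
    store = TrustStore(max_depth=2)
    store.trust_root("TechnicalBoard")
    store.certify("TechnicalBoard", "VendorKey")
    store.score("VendorKey", 0.9)
    store.certify("VendorKey", "VendorPartnerKey")  # second hop, nobody has reviewed it
    store.trust_root("MyPPA")                       # the user vouches for their own PPA
    store.score("MyPPA", 0.6)
    return {
        "vendor": store.decide("VendorKey"),
        "partner": store.decide("VendorPartnerKey"),
        "ppa": store.decide("MyPPA"),
        "unknown": store.decide("RandomPPA"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The point of the split is visible in the partner case: the vendor’s key is trusted to identify it, and it may vouch for a partner’s identity, but identity alone never earns one-click treatment; the partner still needs a review score of its own. The user’s own PPA key shows the other direction, where social trust is expressed locally without going through any central list.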

The two mockups above are very rough drafts, but they are my current thoughts brought to life with Glade. The buttons would open a web page with further information; this could be a Launchpad account or some other website with nice, verbose information.

Update: Jeff has made some very good points below, and I’ve attempted to update the post to reflect a more refined view that keeps qualitative and identity issues from being mixed up. I will use “trust” to refer to identity, meaning “I trust that this person/company is who they say they are”, and “confidence” to mean “I understand that this person is technically and morally able not to ruin my computer”.