JauntyTrustedThirdParties
Launchpad Entry: partner-repositories
Created: MichaelVogt
Contributors:
Packages affected:
Summary
Explore enabling "trusted third-party repositories" in Ubuntu to provide for better user experience and smoother interactions between Ubuntu and popular applications. Examples of possible trusted repositories could include: Canonical, Google, or anyone who demonstrated trustworthiness and was willing to abide by the determined criteria to qualify themselves and be "whitelisted" within Ubuntu so their applications would be more readily available to Ubuntu users by virtue of their efforts with Ubuntu and their trusted position.
Release Note
Easier application installation in Ubuntu. Popular applications like $foo are just one click away now while still providing the high standard of reliability and security that our users know and expect.
Rationale
There are various applications that we can not ship in the default repository but that are popular and useful for our users. This includes proprietary applications like picasa or applications that move very fast like wine. We should provide a way to make it easier for our users to install them in a reliable and secure way.
Use Cases
- Boby wants to use picasa to store his photo collection. He goes to the google picasa page and clicks on "install picasa on ubuntu now"
- Alice wants to play the latest window game "foobar" that works with the latest release of wine.
Design
The technical part of this specification is described in https://blueprints.edge.launchpad.net/ubuntu/+spec/jaunty-apturl-add-repo and what needs to be done in apturl to support the new mechanism.
The policy that a repository must follow in order to be in the whitelist is described here. Potential repositories are: Adobe, Mozilla, Skype, WineHQ, etc.
Implementation
The policy will be published in a wiki page and Ubuntu checks regularly that its followed.
Unresolved issues
Should we include fast-moving applications (like wine) here or should we better use ubunut-backports for this?
BoF agenda and discussion
Things to talk about:
compatibility
- problem of package name clashes
- file overwrite issues
- upgrade issues/dependencies
security
- repos must be signed
QA
- there must be a launchpad project page that users can report bugs against
- packages must get (public?) testing before they are published on a stable release
...