Custom web browser protocol to install from apt-get

[Tristan Wibberley]

John McCabe-Dansted wrote:
>> Oh yes, but security is a big issue, at the moment people just install
>> from the preconfigured repositories, with such an easy way to install,
>> people will happily click yes. This should be made to scare bucketloads
>> of poo from users if they are about to install packages from an
>> untrusted source.
> 
> How safe are the other official repositories? E.g. Universe,
> Multiverse and Backports?

They are maintained by the MOTUs (I don't know about backports - but I 
think that one should be left for more experienced users) and they are 
signed with the ftpmaster private key.

> These are not preconfigured, but it would be
> nice if there was a nice easy way to let a user install packages from
> these repositories from a web interface. I guess the main danger is
> funny cruft in the control.tar.

I think the only thing that could be done for dapper (and might be too 
much even then), is to install a script like the one in the dvdread 
package, and put instructions on the web saying:

"Select the text "sudo /usr/share/ubuntu-desktop/add-motu-sources" with 
the mouse,
Press Ctrl-C,
Press Alt-F2,
Wait for the Run Application dialogue to appear,
Press Ctrl-V,
Press Alt-t to check the "Run in terminal" box,
Press <return>"

I wonder if firefox can be scripted to put some text on the clipboard?

I don't think it should generally be that easy to add arbitrary 
permanent sources, dependencies could go totally screwy and most users 
just won't be able to fix it.

-- 
Tristan Wibberley