There is a scary discussion on the Ubuntu Developers mail list.

[Cappy]

You can't without taking away every method they could use to install new software. Ubuntu can't whitelist every 3rd party package that a user might want to install.

[ryanVickers]

Perhaps there can be 2 modes to set the OS into in the Administration menu. You could change it yourself, or the admin could lock it down, but what it does is you get 2 modes - "normal", and "safe". For most users, they would set it to normal (how Ubuntu is now), and for very "computer-'unknowledgeable'" users, they, or the admin, could switch it to "safe" for their account, and it would block EVERYTHING that didn't com from the repositories or the updates - and adding repositories would be blocked.

You could just not give them the root password, but sometimes you have to, and some settings and stuff the user should be allowed to change needs it...

Just an ideae

[NullHead]

Perhaps there can be 2 modes to set the OS into in the Administration menu. You could change it yourself, or the admin could lock it down, but what it does is you get 2 modes - "normal", and "safe". For most users, they would set it to normal (how Ubuntu is now), and for very "computer-'unknowledgeable'" users, they, or the admin, could switch it to "safe" for their account, and it would block EVERYTHING that didn't com from the repositories or the updates - and adding repositories would be blocked.

You could just not give them the root password, but sometimes you have to, and some settings and stuff the user should be allowed to change needs it...

Just an ideae

I think thats a good idea. There would be a smart user system a root account and a user account ... the user would need to ask for a time activated root pass that would be only good e.g an hour but it's only good for something like changing a setting.

If they block all 3rd party software they should also make an easy to use repo screening system. So a developer has made some software for Ubuntu he submits it to the Ubuntu screening team to check it for something that might harm a pc and if the software passes it would go into the Ubuntu repository 3rd party software only section. But it needs to easy so that people aren't scared away from using it or not writing software at all.

[Kilz]

What everyone seems to be missing is that any ideas they have here will never be seen by the Ubuntu developers. Who have a history of not listening to users and doing exactly what they want. Try posting to that mail list and you will see what I mean.
I also see that this is something that effects the whole Ubuntu community. I am going to ask that it be moved to another part of the forum.

[RAV TUX]

I happened to be cleaning out my email box for the Ubuntu developers list. What I found may send shivers up your spine.

http://www.opensubscriber.com/messag...m/7673369.html

This is a discussion on how to make it difficult for users to install 3rd party applications under the guise that some may be malware. That the developers know more than users what is safe or wanted on a their computers. This sounds more like it came from Microsoft.
Am I reading this correctly?

Wow... I feel like I'm on slashdot.... umm rtfa?

Yes, the article is broaching the idea of restricting installation of software. And is discussing how software can be "controlled" for the deliberate purpose of eliminating malware and other such baddies (a good goal). It is important to note though, that the author of the so called "scary letter" realises these points. To quote:


I have had to clean up so many malware infested windows machines... I would dream of chains of trust to help my job! This is something that needs to be examined, because not everyone is a power-n3rd who can distinguish between cool eye candy ("yay compiz repos!") and a keylogger hidden in a music player ("umm.. Amaroque2?"). If we don't discuss OS defense, we leave the door open to virus makers, malware creators and all other kinds of malicious people.

Stop being so dramatic and lets actually get positively involved in the discussion. How do we protect ubuntu, and protect our unexperienced brethren from those who wish to harm them?

Interesting post, but honestly nothing to worry about. You could always just use Debian or simply build your own Ubuntu derivative both of which are very, very easy to do.

[FuturePilot]

That whole idea is just ridiculous! Sounds like they want to go back to the Linux of 1995.
I really hope that doesn't happen.

[Polygon]

this sounds liek teh scare that the kernel developers were going to make it so no restricted modules could be in the kernel, and gave everyone like 6 months to adapt before they forcefully reject any restricted modules (or something along those lines)

these people arnt stupid, im confident they will make a good decision

[MetalMusicAddict]

What everyone seems to be missing is that any ideas they have here will never be seen by the Ubuntu developers. Who have a history of not listening to users and doing exactly what they want. Try posting to that mail list and you will see what I mean.
I also see that this is something that effects the whole Ubuntu community. I am going to ask that it be moved to another part of the forum.

What everyone is missing is that there are no nefarious intentions here.

And this crap about Ubuntu developers "history of not listening to users" is pure and utter nonsense.

As someone who has had the privilege of moving from user to developer I can say in all honestly the users (which they are also and everyone forgets) are first on their minds. Go to a UDS. The are free for anyone to come and participate in and will show you how important we all are.

People ask for alot of impossible things that simply can't be done.

This was probably a mistake posting because alot of people on the board now a days rather hold on to and feed the crappy FUD and rumor but oh well.

Everyone wants to complain. If you don't like it actually get off your duff and do something about it or use another distro.

***MMA shakes head.

Kilz - This isnt aimed directly at you, more this general attitude that to me is all too common on these forums lately.

[aysiu]

What's the big deal? I guess some people didn't read the whole thing:

What is of course also necessary is an ability for power users to
specify additional third-parties without any blessing from Ubuntu.
However *this facility must not to be accessible to naive users*.

In particular, it *must not be possible* for a third party to invoke
such a UI via eg a website, incoming email, video file, or whatever.


We can't stop third parties writing on their website

"Now go to Settings / Advanced / Trusted Software Sources
and select Add Absolute URL
and paste in http://malware.example.com/ubuntu/
say `confirm' to the security warning and enter your pasword"

or

"Select Applications / Accessories / Terminal
In the window type
sudo apt-add-untrusted-repository --force-security-override http://malware.example.com/ubuntu/
and type in your password when prompted."

but even a naive user can be expected to smell a rat there.

On the other hand if the third party can say

"Your browser does not support Frobnication.
[Click here] to install it"

the user will click and probably say yes to the confirmation question
and enter their password when prompted. So we have to prevent that.

If you're a power user (as most of the people who visit the Community Cafe often are), then you can do whatever you want. This is basically extending a Gnome way of thinking: think for the "naive users" and then create a back-end for power users to do other stuff they want to do.

[RAV TUX]

What's the big deal? I guess some people didn't read the whole thing: If you're a power user (as most of the people who visit the Community Cafe often are), then you can do whatever you want. This is basically extending a Gnome way of thinking: think for the "naive users" and then create a back-end for power users to do other stuff they want to do.

aysiu, I agree that this is no big deal.

Also Ubuntu users can always use XFCE, KDE, Fluxbox or E17 if they don't agree with GNOME decisions.