Fedora board vote and way forward
Matthew Garrett
mjg59 at srcf.ucam.org
Fri Jan 24 14:58:44 UTC 2014
On Fri, Jan 24, 2014 at 02:38:44PM +0000, Richard Hughes wrote:
> On 24 January 2014 14:28, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> > Not unless the user has already added the Chrome repository.
>
> So if gnome-software supported YMP files
> http://en.opensuse.org/openSUSE:One_Click_Install_ISV that would be
> okay for FESCo? Of course, that would mean convincing all the non-free
> upstreams to add an extra file, as well as the traditional
> semi-static-binary-plus-repo.rpm file.
That would seem fine, yes.
> I'm not sure it makes it any easier from an end user point of view,
> and I'm sure it makes it a lot less safe. Imagine some random person
> posting a malicious ymp file in fedoraforum.org which gets picked up
> by google for some common search words and users haplessly click on it
> without reading the XML or verifying the URL. In that case it might
> just be safer for users to search for chrome on google, get directed
> to http://www.google.com/chrome and then they can click the .rpm file
> there.
We can't curate a list of "safe" repositories in any meaningful way - we
simply don't have the infrastructure to do so. There are existing
mechanisms that could be used (require the XML to be signed with an EV
certificate, for instance) which would act as significant impediments to
random people spoofing genuine repositories.
> Which is the point we're at now. What FESCo has effectively said is
> "what we have now is fine", and we have a declining userbase that says
> otherwise.
The example you've used is Chrome. Chrome is not present in the
Windows Store. Chrome is not present in the Mac App Store. Users are
forced to manually download it from Google. This doesn't seem to be
hurting their popularity.
There are multiple issues with Fedora. The degree of technical churn
means it's difficult for us to apply polish to certain aspects of the
system. We do things like push stable updates that break systems. We
fail to follow through on development efforts that distinguish us from
the competition. We're bad at making a product. Ascribing any decline in
userbase to "It's difficult for users to install Chrome or Skype" isn't
helpful - maybe it's true, but there's so many other things that could
also be turning users away that it's impossible to tell.
When we're faced with a bunch of problems, let's concentrate on the
problems that don't require us to compromise our pinciples. This longer
release cycle gives us the opportunity to fix a lot of the things that
are fundamentally wrong with Fedora. It'd be a shame to see that
opportunity wasted because we're fixated on one issue.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the desktop
mailing list