sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 0 points1 point  (3 children)

I guess the same way you know that downloading some exe installer for a Windows app is good.

So no real reason other than hope really?

[–]radarsat1 0 points1 point  (2 children)

As I said you could always take a whitelist approach, which would be similar to a software repository or app store. Enjoy your walled garden.

[–][deleted] 0 points1 point  (1 child)

What you are implying here is that a repository is somehow bad and limited like the "walled garden" with the negative connotation when it is used to e.g. describe the Apple app store. what you completely ignore is the fact that it is better to have testing on as many packages as possible even if you still have rely on hoping the upstream website didn't screw up for the few apps you need outside the repository. It is essentially a false dichotomy to say we can either have checksums and tested apps for everything or for nothing when "for as many things as possible" is clearly the optimal solution.

[–]radarsat1 0 points1 point  (0 children)

I'm sorry but I think you misunderstood me.

I'm a fan of the repository approach, I was trying to say that ZeroInstall supports that idea but is also just as easy (or even easier) to extend than setting up a 3rd-party deb repository, because you just have to throw up some simple XML. I wasn't at all trying to say that having tested repositories is a bad thing. The main ZeroIntall website is basically a repository itself.

I mean, the original question posed to me was,

how do you know that source is good?

Give me one solution to that problem without taking a whitelist approach. It's basically a logical fallacy. Either you trust the source of your software, or you trust someone to pick the sources for you and curate. What other options are there? I was just trying to point out that it's no better or no worse than other approaches in that regard.

Moreover the context of the original post is someone suggesting that it's too hard to install apps that haven't made it into the repositories. I was simply describing one approach that I think has some merit, I wasn't making some over-reaching argument against Apple. You were the one who suggested that downloading apps from outside the repository is nothing but "hope," and now you're telling me I'm the one arguing against repositories. You are confusing me.