RFC: On-demand package installation API in kdelibs
Dario Freddi
drf54321 at gmail.com
Sun Aug 1 13:03:39 BST 2010
On Wednesday 28 July 2010 21:27:14 Ivan Čukić wrote:
> >> I don't think anyone was intending to expose this API to html
> >> renderers (or anything similar for that matter).
> >
> > they can be faked.
>
> Oh, I didn't understand you at first - you meant they'll make a window
> inside the webpage that looks like it is coming from KDE.
>
> I agree, if not thought through very thoroughly, this could be an issue.
>
> ----
>
> I've added Dario to the discussion. (I guess he's already on the list
> but hasn't seen the thread)
>
> He was talking about something similar before.

Whoops, I've actually been without internet for long, so I can jump in just
now.

So, I was actually already after such a thing and I've talked about it with
Lubos already back in the Tokamak days. I didn't really have time to look at
the implementation thoroughly, however what I was doing (
http://websvn.kde.org/trunk/playground/sysadmin/shaman/ ) was a slightly more
complex and powerful thing. In the usual KDE fashion, that was a wrapper for
various package management interfaces (packagekit, apt, $whatever) providing a
high level interface to applications to interact with package management.

This indeed was meant to be integrated straight into the workspace: the whole
API allows creating transactions, monitoring transactions and whatever, and is
also able to perform some custom operations. A lower level API is also
provided for creating package management GUIs. The final aim of all of this
was to allow applications to ask the user to install stuff, and if the user
agrees and authenticates (the whole deal obviously does not run as root),
provide the progress straight into the system tray and make the whole
experience less painful and more integrated.

Shaman's system is way more complex, although it could be a winner in the long
term, and I plan to work on it more next year (there is also a SoK going on
for it). Although, I see this feature is extremely controversial (I didn't
read the whole discussion though, sorry), and something like shaman gives
indeed a lot of power to applications - despite everything needing to be
authorized by the user.

My final point would be actually having an API for applications, but letting
the workspace do the final interaction. So the application says "you need to
install codecs", and you actually say yes. Plasma is notified and a trusted
mechanism is started which tells the user "hey, application X is trying to do
Y, do you want to do that?" (maybe KWin might help here with some tricks) and
then you either confirm or discard.

So a good compromise might be:

- A very basic API, similar to the one Lubos proposed, in KDELibs.
- Something like shaman in kdebase-workspace, which is meant to be used by
  plasma only and which would be doing all the "dangerous" stuff.

I think this would grant the best of both worlds and actually would make some
concerns about security disappear.

Opinions?

--
-------------------
Dario Freddi
KDE Developer
GPG Key Signature: 511A9A3B