Summary

Some software cannot be incorporated into Ubuntu's comprehensive package repositories. We should explore options for providing Ubuntu users with convenient access to such software.

Rationale

As Ubuntu gets bigger more and more commercial vendors are interested in providing their software for Ubuntu. We need a convenient way to install this software. Currently installing software that is not inside our archives is harder than it needs to be.

It is possible to provide various levels of support to the vendors. In the simple case we help the vendor to make it easy for our users to discover their software and install it. This can be done via gnome-app-install and by providing support to install debs that are designed for Ubuntu. At some point in the future it may involve supporting some infrastructure to pay for software and issue license keys.

Use cases

Scope

This spec covers Ubuntu, the front end initially covers gnome.

Design

There are two different use-cases that we want to support. The first is to provide commercial software with gnome-app-install that can come from external vendors. The second is to support direct installs of debs.

Extending gnome-app-install

Gnome-app-install already contains desktop files for the available applications in universe and multiverse. Those desktop files contains the keys:

X-AppInstall-Package=synaptic
X-AppInstall-Section=main

This mechanism will be extended for proprietary applications to include additional keys. The critical factor here is the concept of channels. A channel is a way for the vendor to provide software. Technically it is a sources.list fragment with additional meta-information that will be added to /etc/apt/sources.list.d/ (support in apt for this needs to be written/merged). The meta-information includes a icon for the channel and desktop-files/icons for gnome-app-install. We can use this pseudo desktop files for things like server applications as well.

The channels will be provided with a "proprietary-channels" package. Updated versions of that can be put into "dapper-updates" if new vendors join in. The sources.list.d fragments points to a repository setup by either the vendor or by us (if the vendor pays for that).

The vendors will have to send us updated channel information if e.g. if they put more user-visible packages into their repository or if there are URL changes. The proprietary-channels package is updated then.

The following information for proprietary applications is required:

The following information is put into the channel package for each vendor:

After turning on proprietary gnome-app-install will install the proprietary-channels package and read the additional information in it. The user can then search (or browse) the commercial offerings. If he decides to install one of them he will be subscribed to the vendors channel (his sources.list.d/ will be updated) and the package he selected will be installed. From this point on the vendors packages are in the normal "apt" space and available with apt/synaptic/aptitude. For packages that require the user to pay (and that are not usable without) a warning is displayed. This will ensure that the user does not download a big application, only to discover that he won't be able to run it without paying for an expensive key.

In order to support hosting of proprietary software on our servers we will need to create a new component, called (to be confirmed) "proprietary". This is where we will store debs for software that is supported by somebody, but is non-free and possibly non-redistributable. It must go into a separate pool to make sure that it's not mirrored.

It's the vendors responsibility to support security updates in it's channel. We can't do better than the vendors here and we rely on them.

installing debs directly

We also provide a convenient way to install deb files directly in a safe way. The user should be able to see what the debs contains (description, files) and the dependencies need to be analyzed and we have to check if they can be installed.

Future

In the future we may support keymanagment/payment ourself. This should probably integrated into launchpad. We may also support repositories that are "lockable" and that are only unlocked after some transaction.

Implementation

GUI

The option to turn on the proprietary channel/repository should be easily discoverable, so it will be on the front page of the Add Applications tool.

We will add these two checkboxes to the front page of the "Add Applications" tool (gnome app installer):

    [x] Commercial software
    [ ] Unsupported software 

This will turn on the universe / multiverse / commercial components in the following fashion:

Unsupported OFF

Unsupported ON

Commercial ON

commercial

commercial, multiverse, universe

Commercial OFF

(main, restricted only)

universe, multiverse

The commercial application component should remain turned off by default in Ubuntu.

Install debs directly

To install debs in a safe way, there are two options. One is to add support for it to libapt itself. There is a baz branch for this in "apt--local-install--0". The current patch is rather intrusive and the apt maintainer does not particularly like it.

The other alternative is to provide an application (which can be part of the apt package) that will analyze the deb and its dependencies. If they can be satisfied it will be installed, otherwise it won't.

Code

Install debs directly

Some prototype work is being done to install deb files directly in the bzr archive at http://people.ubuntu.com/~mvo/bzr/gdebi--main

There are also test-packages available in Dapper or at:

deb http://people.ubuntu.com/~mvo/gdebi/ /

Outstanding issues

What is a good list of proprietary applications to have?

we could look at this list for more ideas: http://www.ubuntuforums.org/showthread.php?t=80295

Comments

Please, check the following link for package installation options: How to install ANYTHING in Ubuntu!http://monkeyblog.org/ubuntu/installing/

A distinction should be made between commercial and proprietary. These are not the same! http://www.gnu.org/philosophy/words-to-avoid.html#Commercial http://www.gnu.org/philosophy/categories.html -- Jeroen van Splunder


Could it be possible to remove all kde apps from the list if the default desktop are gnome. it should be possible to show the kde apps with a radio button. -- Alex Thomsen Leth


How about instead of a single official repository, a repository white-list is implemented? This list could contain all the official Ubuntu repositories, Commercial repositories that obide by a set of guide-lines and other 'safe non-ubuntu' (known non-spyware) repositories (eg debain).

Such a list would also enable a safe way to 'single click' web apt-get. eg ThirdPartyApt. -- ArwynHainsworth


Info (!) Note to those who are still commenting on this spec: it has been implemented. See the launchpad spec tracking page. (mdke)


CategorySpec

ThirdPartyPackages (last edited 2008-08-06 16:28:30 by localhost)