zero install: application bundles, security, dependencies

Erik Garrison erik at laptop.org
Mon Nov 24 02:31:09 EST 2008


I encourage anyone interested in application bundles to please check out
http://0install.net/.  Please take a minute to watch the video demo on
the homepage; it describes the 0install process quite well.  There seems
to be significant overlap between our work with .xo bundles and security
systems and what the maintainer of zero install wishes to do:

  - Software installation has predictable and directory-localizable
    results (bundles, complete).
  - No distinction between running and installing software (complete)
  - Unprivelaged software installation, with dependencies (complete)
  - Bundle signing (complete)
  - OS environment independence (complete)
  - Software distribution decentralization (complete)
  - Safe execution of untrusted software (sandboxing -- future work for
    0install, mentioned in the demo video, and something we have put
    quite a bit of effort into)

I have used the system and it seems to at very least be a step in the
direction of resolving issues which we have encountered with .xo
bundles.  That said, it is not widely deployend and surely has its bugs.
Perhaps we would do well to try to integrate our work with this project.

Please discuss.  This has come up several times on the devel list
and in irc without resolution.  If we are interested in doing something
so similar perhaps we should try to work with the 0install community in
building a package distribution system which makes sense for our
constrained users.

Erik



More information about the Devel mailing list