[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security

[Marc Stiegler]

> The whole idea of executable installers is suspect. A declarative
> package would be
> far easier to verify. This could also give requirements as to shared
> libraries, fonts, etc (including version information).
> >From this information, a factory could be created. It is stated that a
> factory has no capabilities -
> this seems a bit broken. A factory can have capabilities that every
> instance of the app will need.
> Eg to shared libraries.  So the package manager would install these
> capabilities into the factory.

This is a fascinating idea, and one I am embarassed not to have thought of
myself. At first glance, I cannot think of an advantage to executable
installers versus having a single installer as part of the TCB that
interprets a declarative list of application requests/proposals for
configuration (such as a nickname for the default pet name, for example).
Perhaps there is some form of useful flexibility that an executable
installer would bring to the table, but I can't think of one offhand.

--marcs