It’s a discussion that has been had approximately five million times. It will probably go something like this:
Distro maintainers: “PackageKit just needs to implement interactivity; we need that feature!”
PackageKit folks: “Not on the roadmap; plugins should choose a default safe option instead of nagging the user.”
D: “The default safe option is often not what the user wants, though; In cases where there’s a file conflict or an untrusted signature, the default safe choice will be to block the package from installing, which is what we do right now and people are complaining about it.”
P: “Then do what the user asked even if you consider it to be unsafe.”
D: “This is too dangerous; the user needs to be informed of the risk of what they’re doing.”
P: “Maybe, but not at the level of PackageKit. If the user can do dangerous things, they should be warned about it before the moment they finalize the transaction. By that point it’s really too late.”
D: “Maybe, but that’s out of our control since PackageKit doesn’t provide a way for us to write such functionality into our plugin. It would need to be done in app stores like KDE Discover and GNOME Software.”
P: “Then work with them to do that.”
D: “But we aren’t familiar with those codebases. We don’t know GTK/Qt/C/C++/QML/etc and we aren’t GUI app devs. It’s also not clear what actually does constitute a 3rd-party repo from the perspective of those apps. PackageKit doesn’t make this distinction. We just want PackageKit to offer the same workflow people get when they use the command-line package manager.”
P: “The command-line package manager offers a garbage UX, which is why we aren’t replicating it. Grandma can’t be trusted to use sudo apt upgrade
.”
D: “Right, but grandma isn’t the one adding untrusted packages to her system. It’s her nerdy granddaughter who’s doing this.”
P: “Then the nerdy granddaughter should use the command-line package manager for herself if she likes to live dangerously. And if it’s for her grandma’s computer, she shouldn’t tinker with the repos at all.”
D: “But she needs to add 3rd-party repos to get DVD decoding and media codecs working so grandma can watch movies, which exposes grandma to this problem.”
P: “That sounds like a you problem. Just ship that stuff in your main repo.”
D: “We can’t due to legal risk.”
P: “Then maybe you should coordinate more closely with those repos so there are never file conflicts or untrusted signatures and the problem never happens.”
D: “Still too much legal risk, sorry.”
P: “Ubuntu manages to get away with having one checkbox in their installer to do this and they’re a big company. Why can’t you do the same thing?”
D: “We asked our lawyers the same question and they told us Canonical is taking on a level of legal risk to do this that they’re not comfortable with us taking on. So we just can’t do it, sorry.”
P: “Well, then you’re boned. I’m sorry too.”
This has been “PackageKit: A Drama in One Act”