
Linux package managers are looking like one of the only straightforward ways to distribute applications securely.

Unless you are a small independent app developer. Virtually no distribution wants to take proprietary software. And you have to package for a wide variety of different distributions.

On the other hand, the Windows and OS X App Stores are awful.

The Mac App Store works pretty much effortlessly for me. It's sometimes a bit slow, but other than that it's pretty trivial to use.

You can run your own repo. It's basically a folder with some metadata. DEB and RPM variants should get you 80% of the way.

How is that any more secure than just providing a download?

It's not at the time of installation, but prior to updates the package management system will check signatures of the packages. (And it will only accept packages signed with your key, so the attack used against Transmission wouldn't work)
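As an added example (not part of the thread, not from any real repository): a Python walk through the hash chain that sits below apt's signed Release file, which is how one signature on Release ends up covering every package in the repo. The sample Release, Packages and .deb contents are constructed, the index path `main/binary-amd64/Packages` is an assumption, and verification of the Release signature itself (gpg against the repository's keyring) is assumed to have already passed.

```python
"""Trust chain beneath a signed apt Release file:
   Release (signed)  ->  SHA256 of Packages index  ->  SHA256 of each .deb
All sample data below is constructed for demonstration only.
The gpg check of Release itself is assumed to have happened before this."""
import hashlib
import re


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_release_sha256(release: str) -> dict:
    """Map path -> digest from the 'SHA256:' section of a Release file."""
    sums, in_section = {}, False
    for line in release.splitlines():
        if re.match(r"^[A-Za-z0-9-]+:", line):      # a new top-level field
            in_section = line.startswith("SHA256:")
            continue
        if in_section and line.startswith(" "):      # " <hash> <size> <path>"
            digest, _size, path = line.split()
            sums[path] = digest
    return sums


def parse_packages(packages: str) -> dict:
    """Map Filename -> SHA256 from a Packages index (blank-line separated)."""
    out = {}
    for para in packages.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in para.splitlines() if ": " in l)
        out[fields["Filename"]] = fields["SHA256"]
    return out


def verify_chain(release: str, packages: bytes, deb_path: str, deb: bytes) -> bool:
    """True only if Packages is covered by Release and the .deb by Packages."""
    # Assumed index path; a real Release lists one per component/architecture.
    expected_index = parse_release_sha256(release).get("main/binary-amd64/Packages")
    if expected_index is None or expected_index != sha256(packages):
        return False   # index altered, or never covered by the signed Release
    expected_deb = parse_packages(packages.decode()).get(deb_path)
    return expected_deb is not None and expected_deb == sha256(deb)


# Constructed sample repository contents (not a real package or repo).
DEB = b"fake .deb bytes for demonstration"
PACKAGES = (
    "Package: example\nVersion: 1.0\nArchitecture: amd64\n"
    f"Filename: pool/main/e/example_1.0_amd64.deb\nSize: {len(DEB)}\nSHA256: {sha256(DEB)}\n"
).encode()
RELEASE = (
    "Origin: ExampleRepo\nSuite: stable\nArchitectures: amd64\nSHA256:\n"
    f" {sha256(PACKAGES)} {len(PACKAGES)} main/binary-amd64/Packages\n"
)
```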

The question is whether we should trust proprietary software even if it is downloaded securely. I consider "hard to get proprietary software into the official repos" as a feature. Unfortunately it's not as hard as you make it sound in most distributions.
