Zero Install

the antidote to app-stores

This site has moved to 0install.net. The content below is out-of-date.

Introduction

From 2007-09-10 to 2007-10-6, we ran a survey on the 0install.net web-site to collect feedback. This is the write-up! The raw data and the scripts used generate the charts can be found in the 2007/survey directory. The only edit was to obscure an email address in one of the comments to avoid spam.

The survey was advertised in various places:

  1. Respondent 1 is me.
  2. Then I announced it on the Zero Install mailing list (2007-09-10), which probably corresponds to the next five responses.
  3. Then I posted an announcement to the ROX web-site later the same day.
  4. It then appeared on linuxfr.org on the 16th (which probably accounts for French being the second most popular language).
  5. I posted on the LSB packaging list on the 14th Sep.
  6. I submitted it to lwn.net, which made the announcement visible only to subscribers for the first week (starting on the 20th), and then to everyone (from the 27th).
  7. Finally, I posted on the Xfce user's list on the 4th Oct.

In total, 199 people started filling in the survey, with 66 completing it. Only the results from those who completed it are analysed here.

The survey had three sections: about the user, about using Zero Install and an optional section on publishing software using Zero Install.

About the respondents

The survey starts with a few questions about the respondents themselves (well, it's nice to start with some easy questions!):

What is your native language?

Quite a good range of languages here. Surprisingly, none of the respondents mentioned anything about better localisation support in their comments.

What is your native language?

How old are you?

How old are you?

Which platforms do you use?

This questions was just about the platforms that the respondents used, not just those they used with Zero Install.

We all know Ubuntu is popular at the moment, but the other Linux flavours aren't even close (Debian and Ubuntu were counted together, but I suspect most of the users were using Ubuntu). I should have added a write-in field for Other; lots of people aren't using any of the suggested options.

Which platforms do you use?

What architectures do you use?

We have a surprisingly varied set of architectures. I'm currently trying to get a project on the OpenSUSE build service for Zero Install, which should allow us to build binaries for multiple architectures automatically. So far, I haven't been able to attract the attention of an admin, though. That would provide support for the two most popular architectures. If anyone has an automatic build system for other platforms, let us know. You should be able to set it up to automatically download, compile and publish new versions using 0compile.

What architectures do you use?

Others responses: Sparc, Sparc64.

How did you hear about Zero Install?

Oops. I forgot to list pro-linux.de as an option. They've run lots of articles about Zero Install! linuxfr.org linked to the survey; lots of people arrived that way!

How did you hear about Zero Install?

Other comments: I wrote it, pro-linux.de, Comp.lang.ada, Mailing list, Lsb packaging list, Linuxfr.org, www.linuxfr.org, Linuxfr.org, Forum, http://linuxfr.org/~MilkaJinka/25303.html, Linuxfr.org, Linuxfr, LinuxFR.org, Linuxfr.org, Linuxfr.org, Google, StumbleUpon, Linuxfr, http://lwn.net/Articles/249934/, www.inkscape.org, lwn.net, LINUX USER Magzin, Autopackage project, lwn, lwn.net, lwn, Some people wrote about it on some web site, i think it was related to gobolinux, prolinux.de.

Running programs with Zero Install

What operating systems / distributions do you use Zero Install with?

When it comes to actually using Zero Install, Ubuntu increases its lead over the others even further. I tried it once on a Windows machine but I had some weird DLL problems, but it looks like someone managed to get it working (the other Windows vote corresponds to the Would like comment below).

What operating systems / distributions do you use Zero Install with?

Other comments: Puppy, Gentoo, Archlinux, None, (B)LFS, Would like, can help with development, Gentoo.

How have you used Zero Install so far?

Lots of the survey respondents haven't used it yet (only 39 / 66 had). I'd count Contributed patches as being a developer, though the Respondent didn't. It does bring up the point that the core devel team is a bit small at the moment ;-)

How have you used Zero Install so far?

Other comments: Contributed Patches, Can help with development for windows.

What are the main programs you run using Zero Install, if any?

The various ROX applications dominate this list. Blender, Sonata, S.C.O.U.R.G.E, LyX, Inkspace and Saxm2s are the non-ROX ones mentioned. The feeds for the ROX apps and for Saxm2s are maintained by their upstream authors, whereas most of the other programs are made available by 3rd-parties and are thus less official and/or less well maintained.

ROX-Filer and other ROX apps, blender, lyx, ROX, Sonata, ROX, Rox all, Almost everything ROX-related, and some other feeds., ROX-Filer, ROX-Filer, ROX-Session, Archive, Wallpaper, Memo, Volume, SystemTrayN, Weather, AppFactory, Blender, S.C.O.U.R.G.E, All rox apps available via 0install, Rox Filler, but I would like to run all my desktop apps using it, ROX filer etc, ROX Desktop components, ROX Desktop, Rox-filer, None to date, None so far, just testing and development, Rox filer, Rox, Rox filer, I don't use it, ROX Filemanager, ROX-Filer, ROX-Session, ROX Configuration utilities, Inkscape, Rox desktop, Saxm2s, Not really any, i'd just want an easier integration with the Gobolinux distribution.

Most of these programs are listed on the software index page. To get your program listed there, post to the mailing list and tell us your GPG fingerprint!

As a user, how important are these goals to you?

Most of the time, the only reason for installing a program as root is so that a single copy can be shared between multiple users. Since Zero Install can support sharing between untrusted and unprivileged users, users can install without needing root access.

I confess to being puzzled by the four people who find not being able to install without root access is an advantage to them as a user. "Don't care" is a reasonable answer here (lots of people own their own machines), but plenty of people clearly do want to install things more easily on machines where they don't have root access.

I want to install without needing root access

Zero Install is decentralised; if you can publish a web-page, you can publish software. Such programs are still first-class citizens, with automatic dependency resolution and automatic updates. Lots of people want to use it to install uncommon software. That's probably due to the large number of ROX users (most distributions don't include most of ROX).

I want to install less common software that isn't in my distribution

The large number of people who don't care about giving every program they install root access is a bit concerning, but understandable as in the past Linux hasn't been a target of much malware. With Linux becoming more mainstream, that's likely to change over the next few years and we may see the current complacency start to disappear.

Then again, they may be on single user machines (where not installing as root has fewer immediate benefits) and not believe that future sandboxing technologies built on this will turn out to be workable. My impression, though, has been that presenting Zero Install as "installation made easy" is interesting to people, while if I talk about "better security" they quickly lose interest.

I want to install packages without giving them root access

Installing newer versions is popular. It's very frustrating when you hit a bug, only to have the developers say Well, we fixed that 3 months ago!, but you have to endure the buggy behaviour for another three months waiting your distribution to put out a new release.

I want to install newer versions than in my distribution

And finally, the most popular of all: avoiding conflicts. In Zero Install, there is no concept of "the" installed version of a library. While there is often only one version, shared by many programs, Zero Install deals with conflicts automatically by installing multiple versions at once, as many as are needed.

I want to avoid conflicts between packages

How do you integrate Zero Install with your (desktop) environment?

The core of Zero Install is 0launch, which takes a URI and runs the named program. Since that's not a very friendly interface the idea is to add short-cuts to your desktop environment. Several such interfaces are provided, some more well developed than others:

How do you integrate Zero Install with your (desktop) environment?

Other comments: 0launch in GNOME's automatically run programmes.

The big surprise here is the extremely low number of people using it with Xfce, which has pretty good support built into its panel. Feedback in the past from those who have used it has been very positive, but the feature seems little known.

How could Zero Install integrate better with your desktop environment?

Dragging to the ROX panel could add a launcher automatically.

It would be nice to be able to drag or copy+pase a feed from the web right on to one's desktop / panel / filer and have a launcher/.desktop file/ or whatever appear without any extra dialogs or applications to deal with.

Good ideas. Just a question of getting the time to do it.

MIME type handler for execution directly from web pages.

Lots of people ask for this, but it's hard to do it securely. It's easy to make a link in a web page look innocuous, and letting any random web-page start the install process seems risky. Firefox uses this method for installing extensions, and has ended up having to add a load of features to stop it from being abused (e.g. a count-down timer after you click a link, as well as a white-list of allowed sites). Adding something to the right-click menu might work, though.

That apps can be visible in menus (xdg?) without laucnhing Zero2Desktop each time

I don't understand this one. Zero2Desktop's only action is to place launchers in menus using the XDG menu specification (which it does using the Portland Project's Xdg-Utils).

Have AddApp/Zero2Desktop install SendTo items. (Needs mime-types element in interfaces)

MIME types are an area that should be improved, but we need to guard against the situation where applications fight over MIME types. One possibility would be to search the menus when you ask to open something. e.g. No application is registered to handle LyX files. However, the application LyX which you have placed in your Office menu can open it...

Zero Install also allows another solution to this problem, though. Because programs can be installed on demand, you can associate a MIME type with an application without installing the application at all. This makes it possible for distributions to set up handlers for all know types ahead of time. The ROX-Defaults package does this already for some types; when a ROX user clicks on a .zip file for the first time, they are prompted to download Archive, for example.

I'm using E17 Desktop Shell at this moment and there is an Ibar which holds the launchers off apps, KDE4 and Gnome and thinking something similar (kicker or gdesklets with a mac like launcher), would be nice to have some kind of universal drag & drop support for all this alternatives (I don't know if there is a standard for that). May be associations with mime types would be neat, but they can be provided by rox filler.

* Being the only install method for a whole distribution, or transparent * Being able to share an installed software between users (MOST IMPORTANT)

Sharing is already supported!

With rox desktop

Integration with PackageKit ?

I was unaware of Zero2Desktop; I will have to check that out

It would be nice to have a SMALL control center that is uniform in functionality, be it on qt/kde or gtk/gnome

Yes, Zero2Desktop is not only badly-named, but rather incomplete too. Hopefully someone will send patches...

I use gnome and ubuntu, it could have lots more tooltips, demos, wizards, drag n drops, etc. Well overall alot more intuitive for novice similar to windows or mac programs installations (next, next, finish..) :)

What security software do you use or want to use with Zero Install?

Surprisingly little interest in Plash, even though this seems to offer the possibility of very good protection. SELinux and AppArmor policies are set ahead of time by the admin, which means that they tend to be rather general, yet at the same time overly limiting (e.g. "Acroread can read /**/*.pdf files"), while Plash can be much more specific (e.g. "Acroread can read any file I drag to it"). Of course, both static admin-set policies and dynamic user-set policies can be used together.

On the other hand, the current release (1.18) of Plash is rather buggy (it just hangs when used with Zero Install). Maybe interest will pick up when/if a new version appears.

What security software do you use or want to use with Zero Install?

Other comments: Don't know enough about these, UML.

User-Mode-Linux is itself available though Zero Install, and using it for sandboxing is a good idea. For bonus points, set it up to let an (untrusted) process running under UML add packages to the host's cache, so that they are shared between all UML virtual machines.

Does Zero Install provide enough support for you to make trust decisions?

Because servers can be hacked and network traffic can be intercepted, every Zero Install feed comes with a GPG signature (encoded in an XML comment). If Zero Install knows which key should have signed the feed, it can check that the update is genuine (sanctioned by the feed's author). Currently, the first time it sees a key used for a domain, it pops up a confirmation box that looks a bit like this:

Confirming Thomas Leonard's GPG key

However, there are other ways to get this information. For example, the keys could be held in the DNS records for the site, with a chain to trust from the root domain name servers, or the keys could be signed by a certificate authority. Another option is for the user's distribution to have an approved list of keys, or some kind of distributed trust system ("3 of your friends trust this key", etc).

Does Zero Install provide enough support for you to make trust decisions?

How do you use Zero Install's sharing abilities?

How do you use Zero Install's sharing abilities?

Other comments: I am the only user, there is no sharing, Didn't notice sharing abilities....

We do mention the sharing on the front page (4th bullet), the comparison page and the sharing page. People still seem to miss it, though. Good to see someone using it with VMs already.

Roll-back to previous versions

Zero Install feeds usually list all versions of a program, not just the latest one. You can choose a particular version by marking it as PREFERRED, or by marking 'better' versions as BUGGY, like this:

Marking a version as preferred

Roll-back to previous versions

Automatic update notification

By default, when you run a program, Zero Install checks how long it has been since it last checked for updates. If it has been more than a month, it starts a check in the background and, if updates turn out to be available, it notifies you using D-BUS:

Updates ready to download for Inkscape

Automatic update notification

Compile packages from source

To compile a program from source, click on the Compile button. This will use Zero Install to download the source code and any build dependencies and then build it for you. Note that, since not every library is available through Zero Install, not all dependencies can be fetched automatically, hence the large number of build failure reports saying that libxml-dev is not installed, and similar messages.

Compile packages from source

Modify packages (local feeds)

What's the point of software that you can't change? You can register your modified version of a program or library with Zero Install to have it considered alongside the official versions (you'll probably want to mark it as PREFERRED, as explained above). This feature is also commonly used with SVN check-outs, where you typically don't change the rating; if you don't update your check-out and a newer version is released, Zero Install will then automatically switch to the new release. The alternative (before Zero Install) was to install the SVN version into /usr/local, where it would solve your problem for six months, and then cause mysterious failures when it became out-of-date, long after you'd forgotten it!

Modify packages (local feeds)

Third-party feeds

You can also publish a feed with your modified version(s) of a program and people can tell Zero Install to pull updates from your feed (click on "Add Remote Feed").

Third-party feeds

Built-in bug reporting

Zero Install can generate and send a bug report for you, giving details of exactly which versions you're using (of the program and all of its libraries), error output from the program and details of your system.

One fun thing about these reports is that the paths include the cryptographic hash identifying the version. Since a program's author typically keeps all versions of their own software around in the cache, you can usually just open the same path on your own machine and be looking at exactly the same version of the file as the bug submitter.

Built-in bug reporting

I think we may have discovered a UI problem... most people didn't know about this! It does tell you about it in the Help text, though. You did all click on the Help button, right? ;-)

Choose Report a Bug... from the menu

Which features would you like to see added / improved in the future?

The roadmap page describes of load of planned features (if only I had more free time!). Better mirror support is my favourite too. Note that RPM support is now in svn (thanks to a patch from Stephen Watson).

Which features would you like to see added / improved in the future?

Other comments: Support for packages with seperate archives for different languages, More portability and architecture support, Support for another OSes / architectures, Compiling packages from sources for different architectures, More packages. Integration with apt, Integration with PackageKit, Shared cache, Integration with portage.

If you want to add support for your favourite package manager, instructions are here: adding a new Distribution.

What is Zero Install's biggest weakness?

This is very encouraging: most people see adoption as the main challenge rather than technical limitations. You'll have to help me out here, because unless lots of you ask your distributions for it to be installed by default, it's not likely to happen!

And don't forget to ask software authors to provide a feed for their programs. They need to know people will use it before they go to the trouble of reading up about it.

What is Zero Install's biggest weakness?

Other comments

Feeds often have dependencies on things that are either not declared, or things which are unfeasable to package (i.e. libc5, for Firefox)

The distribution integration now lets you declare all dependencies, even those not in Zero Install. The trouble is, that will prevent it from working at all on distributions which don't yet have integration. With 'recommended' (not 'required') dependencies, this would work though.

It does not address a clearly defined need

This was (I think) a comment from the LSB list. I think this claim is hard to substantiate. The front page list fours key features, of which all but the third are clearly features needed by many people. In fact, the major problem with presenting a "clearly defined need" is that Zero Install can solve so many real problems! It took a lot of work to get the list down to just four points (if you list too many points, people get bored and confused).

Zero Install was, of course, originally created because of a need in the ROX project: the need to be able to distribute and maintain a complete desktop environment without first getting the approval of all the major Linux distributions (who would obviously prefer to support only a small number of desktops, and ideally ones which resemble the MS Windows environment familiar to most of their users).

Most of its functionality is redundant with package management: a package management which would spontaneously propose to install soft in user account instead of system wide would remove most of my interest for zero install as a potential user

I wanto to run it oon windows

Portage is good enough

Packages too often have dependencies on binary-only packages and so can't be compiled

I need to make it easier to add support for 0compile so we can reduce the number of binary-only packages.

It should have built on an existing package system

Perhaps the most difficult kind of programming is to take an existing program and change a fundamental implicit assumption. In this case, the major (i.e. worth building on) existing systems all make the following assumption: any package being installed can be trusted absolutely. This assumption doesn't appear physically in the code; you can't just delete the line that says that and see if it still builds. Also, the required design ends up being quite different, so it's not clear there's much that could be kept from something like APT. That said, there are smaller parts that can be copied (e.g. the dependency resolution algorithm of Opium), code for handling mirrors and restarting downloads.

Doesnt intergrate with distro packages

It does now! See Distribution Integration.

The adoption must be more wide-spread. Its time that other distributions focus on Zero install as well. I think starting with smaller distributions like Gobolinux, adoption will be easier than with the biggies

It should be more easy to try 0install !! 0install needs its own TestDistribution. Just Download a small, fully prepared spinoff of one of the big ones and try it. Nowadays it is very easy to make such a thing.

Trying it is pretty easy already, with packages in most distributions ("apt-get install zeroinstall-injector", etc).

What do you think of the documentation?

Nice and well done.

Didn't read it, it was almost as intuitive as possible.

Very good. I've used everything I've wanted to with just a quick look at the documentation.

I found the website helpful and well designed.

It's good.

It's nice and complete

The documentation is pretty complete and up to date, it's good.

Good

It's fine, from the end user point of view. I have never probed like a developer but I have seen that the support on mailing list is good for people struggling with problems. About the previous question, more understanding and advocacy would let more packages and development, so is more about getting 0install in people minds.

Pretty good.

Have never had to read it

I think the documentation is great.

Ok

K

It's fine.

Haven't read it.

The website documentation is great. The step by step procedures for both using feeds and making your own were well described and straight forward to follow.

Its ok although i think it could be improved especially in regards to distributions. I have a short attention span :(

I think it's fair.

These three are probably correct, by I'll need more specific input before I can do anything about it:

Good. Needs more overview sections describing what rather than how; it's obviously all written by people who already know what it does.

Far too complex - assume I'm not stupid but also assume I know no Linux jargon.

Not precise enough. Hard to find the most basic things e.g. uninstall or finding out how to start Zero Install Cache.

Poor uninstall documentation might just be because there actually isn't a very good interface at present; you have to select each package to remove manually, as explained in the the new user tutorial. I'm not sure that "starting" the cache means. The cache is just a directory.

And finally, the LSB list again (I think this was the only request for less advocacy!).

The advocacy is too pushy and is ignorant of many issues in package management and distribution building

If only there had been space in the form for the poster to list some of the many issues. Alas, we must remain ignorant.

What did you find to be the most confusing or difficult aspect of Zero Install?

How to change the look of Rox.

The fact that it says "will automatically download dependancies" and then when I run the program I get a list saying "you are missing ......."

Listing dependencies of packages. i.e. I'm not sure libc5 should be a 0install package, and Ubuntu doesn't have a package, but some binary distributions (i.e. Firefox) are compiled against libc5. I can imagine many packages would fail without Python, or GTK, but it somehow seems like a lot of work packaging things like that that we assume are on most systems. I certainly don't want to be packaging a lot of dependencies just to get one package working. We could do with a core library of dependencies being packaged, and then everybody could link to them, and perhaps they could be included in 0publish as standard dependencies. Also, it may be possible to examine the current machine to see if the dependencies are already there - i.e. check if GTK exists at a specified version, if not download the 0install package, if it is we're alright. If 0install is to become more widely-adopted, we need more stringent dependency-listing because more people will be using it on more systems.

As noted above, this is now somewhat supported.

Wanting to go in an app's cache folder for whatever reason, and having to randomly try hex-string-named folders till I find the right one. I would like them to be called "PackageName - VersionNumber" etc. with the hexadecimal hash string stored in a file inside each directory. Something like this: implementations/ROX-Filer 1.1/2A32BDF834C.hash And if someone installed a bunch of different packages with the same name and version, there could be a naming scheme like ROX-Filer 1.1 (1)/2A32BDF834C.hash ROX-Filer 1.1 (2)/325986BD6F3.hash ROX-Filer 1.1 (3)/235B5DCD602.hash Just an idea.

Here's the problem: you don't the know the exact cryptographic hash of the program you want, but you know it's in the cache somewhere. If only the directories had simpler names! The trouble is, any user can put things in the cache. If you don't know the hash, you can't trust it! Making it easy to browse the cache "Hey look - there's the Gimp! Let's run it!" is therefore an anti-goal. However, finding things isn't too tricky. If you run 0launch with the -v flag it'll tell you the full paths of everything it's running. If you want a machine readable version, run with --get-selections. Here's a little script (which I call 0which) which takes a 0alias script and prints the full path of the main executable:

#!/bin/sh
if [ "$#" != 1 ]; then
  echo usage: 0which SCRIPT
  exit 1
fi
URI=`0alias -r "$1"` || exit 1
0launch --wrapper=echo -- "$URI"

It's somewhat difficult/confusing to uninstall applications.

That it's called "zero install" yet people are installing stuff. I have gotten used to the term now...

Tries to do too much things at once (one can create packages from deb packages, Autopackage, Kilk, sources, etc...). Tries to be a onze-size-fits-all app, which can lead to too much complexity.

Installing it, from the point of view of the end user, and the problem is not getting it by default on popular distros, but integrated to the web browsing experience of the casual unix desktop user. Something like a firefox plugin/extension would help a lot or the way that autopackage creates packages which install autopackage when it is not present. We need somekind of bootstraping for 0install, from the usual unix desktop experience, to the 0install experience and links to me between both experience can be made in the browser via extensions/plugins; in the mime types: you try to open a file that doesn't have the proper viewer and voilá, you get it via 0install; or in bundles: you get a 0install self contained bundle that, when is launched install 0install, and after that you can use to its full potential --even sharing dependencies (somekind of mix between the autopackage way and the 0install way)

Creating zero install packages that can share libraries.

Finding public keys used for packages

The keys themselves are in the same directory on the web-server, named after the key ID. 0launch should download them automatically, although authors sometimes forget to add them. Let the packager know if so. 0publish-gui automatically exports the key, and FeedLint checks that it's there.

It should have a GUI built in

To have 2 package manager...they should use something like package.provided from gentoo: 5.c. Non-Portage Maintained Software Using Portage with Self-Maintained Software In some cases you want to configure, install and maintain software yourself without having Portage automate the process for you, even though Portage can provide the software titles. Known cases are kernel sources and nvidia drivers. You can configure Portage so it knows that a certain pack stage is manually installed on your system. This process is called injecting and supported by Portage through the /etc/portage/profile/package.provided file. For instance, if you want to inform Portage about gentoo-sources-2.6.11.6 which you've installed manually, add the following line to /etc/portage/profile/package.provided: Code Listing 4: Example line for package.provided sys-kernel/gentoo-sources-2.6.11.6

This is what local feeds are for.

Properly and easily setting up local feeds.

To get librarys or apps into the search path so that other applications could use it AND to get zero install apps to not use the librarys coming with the distribution.

The fact that Zero Install doesn't change the behaviour of distribution-provided packages is the reason the distributions allow the package in their repositories (they reject autopackage mainly for this reason). You'd really have to know what you were doing if you wanted to make a distribution-installed binary depend on a Zero Install library!

While it is not particularly difficult to do the initial install the launcher, it is quite annoying to have to do it on every machine on which I use it. It would be helpful if distributions started shipping with it and made it part of the base install for at least desktop systems.

To integrate it nicely in my system.

It could be more easier or intuitive, like mac program installs or windows installers

Couldn't find out to uninstall. Found out later it was related root rights, which couldn't be modified wo. f***ing the 0 package up in ubuntu.

Once my ROX filer stopped working because it tried to download a newer version and there was a mismatch in zero-install versions. Stopped using it at that point.

I don't understand the last two; please report bugs to the mailing list!

Didnt find it really confusing... but it would be nice if Zero Install could rally more people behind its idea AND that it would be able to continue if main devs no longer have time to maintain (I see that Elektra registry project moves so slow for example, that makes me worried)

Elektra worries me too. It's a shame, because they seem to be to only people who've figured out what developers like me really want from a configuration system: to depend only on an interface, not an implementation. Meanwhile, the GNOME devs have discovered that people didn't like depending on Orbit and are busy replacing it with a dependency on D-BUS. Madness. gconf was fine. D-BUS is fine. Flat files are fine. Just don't force us programmers to choose!

Oops. Got distracted there. The good news it that, unlike some projects (like Elektra), Zero Install does have real users. Even if no other project ever adopted it, we'd still need it for ROX!

We'll finish with the LSB list again:

Lack of mandate

Any other comments?

In the "Which of these features do you use?" section, "No answer" corresponds to "I do not use this feature at the moment, but that doesn't mean I don't need it, or value its presence".

No infrastructure for managing packages, building for multiple architectures, dealing with portability issues, etc.

To the question "What is Zero Install's biggest weakness?", I want to add that more packages would be nice.

Great concept! I can't wait until distributions get rid of the creativity stifling easy-to-break centralized package management model and adopt zeroinstall's (at least for everything but the core of the OS)

0install is superb, thanks a lot for it. I will reinstall it in my Sabayon/Gentoo Linux on 64 bits and I will see how can it provide me for the packages I want, optimized for this architecture. Cheers

Keep it up!

I don't use Zero Install yet.

It should be very well implemented wiht the distribution... also the package manager of the distribution should be able to use it like for instance portage that can use .deb or rpms

0 package needs to be updated to current distribution version e.g. Feisty or later Gutsy. It is not good enough with only Edgy updated package.

Note that the Edgy package also works on Feisty and Gutsy (but not the other way around; Ubuntu packaging policy is to depend on the latest version other packages, even if you don't actually need such new versions, so the official packages can't be used on older systems).

Zero Install is usable but if I had the opportunity to get ROX Desktop as Debian packages in recent versions I would prefer the debs.

Keep up the great work! This is an excellent project.

Spread adoption guys!

Didn't ever try zero install

We need a test0install cd to download ! It should be a small system and should demonstrate the possibilities of 0install at its best !!!

Keep the good work :)

Publishing software using Zero Install

Nearly half of the responses were from people interested in providing software, although only a few of them are already doing this.

Are you interested in using Zero Install to distribute software?

Do you use Zero Install to distribute software?

What format(s) do you use for your packages?

Zero Install supports a wide range of archive formats. This allows people to publish their packages through Zero Install without having to change the packages at all in many cases. All the different formats are treated as simple archives (even Autopackages, where the executable prologue is skipped) since running pre- or post-install scripts doesn't make sense with a side-effect-free caching model of installation.

What format(s) do you use for your packages?

Other comments: Darcs repository.

Downloading directly from an SCM system is an interesting possibility, especially with systems like GIT which identify particular versions using cryptographic hashes in the same way as Zero Install itself does.

Why do you (want to) use Zero Install?

As an upstream author, having to provide a different package for every system is a lot of work. Every package is a new possible source of bugs and mistakes (did you forget to add the LICENSE file to the Debian/etch package? did you forget to strip debug symbols from the Fedora RPM?). Building and testing them yourself requires you to manage lots of virtual build and test environments, while getting others to do it for you means more risk (who are these people?) and packages falling behind (why hasn't the Mandriva package been updated for 12 months?).

There are also various reasons why distributions might not be willing to include a program. Typically, they feel the user base is too small for it to be worth their while supporting the package. This is very reasonable, but they need to make sure that people can still install such programs easily, or they will never grow! Zero Install is especially important for developers of new libraries: no-one wants to use your library until every distribution includes it, but no distribution will include it until programs are using it!

Why do you (want to) use Zero Install?

Other comments: Because I like 0install, and I support it by packaging software. Also, one day (when 0install is a little more mature), I would like to be able to install an OS, copy/paste some feeds, and have my usual environment appear., Provide user an easy way to install fresh release without waiting for distribution packages..

How do you find the developer documentation?

The word "find" confused a few people here. I'll try to be clearer in future!

Great. That's what I was referring to in the other section on documentation. I haven't used any end-user documentation as far as I recall. Maybe ages ago., Google, Good., A bit confusing, Ok, I have not read it yet. I will try at the end of this year, Havn't read it yet, Good., From homepage, It was a link on the front page of the website. Well written, easy to follow.

What did you find most difficult about providing software using Zero Install?

Creating binaries for different archs (x86_64, etc).

There are some dependencies that aren't already packaged, and I really don't feel like maintaining a package for some library I don't care about.

Lack of libraries already packaged

1) Dependencies. Most libraries aren't available for 0install, so I had to package them as well. 2) Programs that include hard-coded paths must be patched.

The software needs a bootstraping for normal desktop unix experience to 0install experience. Look my previous answer about this.

Building packages that use shared libraries.

Creating a package

Remembering to update the feed with the latest version, and making sure that my signing key is available on whatever dev machine I am using for the release at the time.

Which tools do you use to make packages?

0publish-gui is a GTK application to help you publish a package. As long as your package is relocatable (can be run from any directory), this is very simple and only takes a few minutes. 0publish is a command-line tool, intended for people writing scripts to update their feeds automatically. 0compile downloads and builds a package from source. FeedLint checks your feeds for problems. All these programs are, of course, themselves available though Zero Install.

Which tools do you use to make packages?

Other comments: Crazy shell scripts that fiddle XML manually, as seen in my Firefox packages., I have not started the packaging, Manually, no other option at the time, Pacman on Arch.

What improvements would you like to see in the future?

See the roadmap for details of these features. Next on my list of tools to write is a script for making releases directly from your SCM (i.e. something that will handle tagging the revision, building the packages, running the unit-tests, etc).

What improvements would you like to see in the future?

There were no "other comments" here.

Would you be interested in commercial support?

As a hobby project, I don't get as much time to work on this as I'd like, but if there's money available then I may be able to sort something out (I can't promise anything). Write to the mailing list (or email if it's confidential) and tell us what kind of support you need!

Would you be interested in commercial support?

Any other comments?

"Integration with version control systems" is very interesting. Perhaps specify a "trunk" (rather than stable, or testing, or whatever), and the latest from .../proj/trunk is downloaded and executed (assuming it can be without compilation).

Would like a mechanism for distributing *source* and having it built on target machines, to avoid having to build and distribute binaries.

This can be done with 0compile, but it's not possible to share between users in that case, because there's no way for one user to know they can trust a binary compiled by a different user. A trusted build service (local or remote) could solve that problem.

I hope to see in a near future an entire distribution built onto the 0install platform!

More sofware

I am not a packager, yet this answer is mandatory, so i ticked "no".

Feel free to mail me if I can help you with making the windows build, I use Python. HIDDEN@gmail.com

Emailed and awaiting response.

Because i make ebuilds...but if zero install works across all distribution it's great

The real reasons I like to distribute software through zeroinstall: * my user's shouldn't need root access or much experience with installing software from source * zeroinstall checks for updates every so often for them, so I know that it is unlikely that many people will be using very out-of-date versions of my projects. Again, keep up the excellent work!