Zero Install Project Makes 1.0 Release

tal197 writes "Zero Install, the decentralized cross-distribution software installation system, announced 0install 1.0 today after 8 years in development. 0install allows authors to publish directly from their own web-sites while supporting familiar features such as shared libraries, automatic updates, and digital signatures. Is this the end of the walled-gardens of traditional app stores and Linux distributions and the beginning of a true 'Web of Software'?"

The Future

[Nerdfest]

Sadly, things now look like they're heading in exactly the opposite direction.

Is this...

[fyngyrz]

...the end of the walled-gardens of traditional app stores and Linux distributions and the beginning of a true 'Web of Software'?"

No. It's not even going to be a blip on the radar. The walled garden approach, particularly as implemented by Apple, provides a (so far) safe and comfortable buying and operating environment for users; opening your system (any system - phone, computer, heck, even your watch) to what amounts to an anonymous and potentially shifting web of software repositories isn't going to fly

No

[Anonymous Coward]

Considering that no-one uses it, I sincerely doubt it.

Works well

[GuerillaRadio]

Just installed Firefox 4.0.1 on Debian Squeeze seconds after reading about this. Seems like a good way to get updated apps on a stable base.

Re:

[lolcutusofbong]

deb http://mozilla.debian.net/ [debian.net] squeeze-backports
# apt-get install -t squeeze-backports iceweasel

Iceweasel 4 on Squeeze/Wheezy is fun. Fuck your newfangled installer.

Re:

[AvitarX]

If you have .NET and Microsoft Visual C++ 2008 Redistributable Package, I don't think you need admin for the initial set-up. The software list includes some very useful software (FileZilla, Notepad++, AviDemux, Audacity, UltraVNC (though I imagine if I need the server it is best to install as admin), VLC, and 7-zip (though I doubt it has the shell integration)) and I am likely to use it for some of those going forward (needing admin to update notepad++ is a nuisance). I just wish I could make a quicklaunch

Not sure what the user benefits are

[monoqlith]

It seems to work very similarly to other package management systems. The main difference is that it stores the downloaded dependencies in a user-owned cache, and that the application developer, instead of the particular distribution, defines the publically metadata package definition that lists all the dependencies. Are there any other differences?

If this is right, I don't see wide adoption unless distributions start replacing their official package management systems with it. If you're trying to make a uni

Re:

[Anonymous Coward]

why not just make a universal, self-contained application bundle, similar to the Mac OS X .app bundle, that contains all necessary dependencies without having to download them separately?

Because then every application developer is responsible for patching every bug in every library they use. In the centralized-distribution model, only the maintainer of each library's package has to care about flaws in that library, and when they're patched, every other package that uses that library is fixed automatically.

Re:

[monoqlith]

i understand that, but on the mac project that i work on, we use an automated package management system to compile the dependencies, which we then include inside the app bundle. most of the time we don't have to patch anything, and if we do - to get something to compile - we just send the patch upstream. the main difference ends up being that we're the ones who run the compile/install command instead of our users. the benefit is that the user just drags and drops the application bundle into their applicatio

Re:

[bluefoxlucid]

No, he doesn't mean patch "because my application broke!"

You write an e-mail client.

You give it to your user in a .app. It's v1.03 of MacMailGarbage.app.

Now you release v1.04 of MacMailGarbage.app, your user has to download it.

Now libsnmp is found to have a bug. Linux users update libsnmp. Apple users ... well, you have to rebuild MacMailGarbage.app with the new libsnmp, put it in the v1.04 .app, and ship it to your users. If you don't, then MacMailGarbage.app can be hacked by sending a deformed

Re:

[yarnosh]

Now libsnmp is found to have a bug. Linux users update libsnmp. Apple users ... well, you have to rebuild MacMailGarbage.app with the new libsnmp, put it in the v1.04 .app, and ship it to your users. If you don't, then MacMailGarbage.app can be hacked by sending a deformed HELO from the server, executing malware on the user's machine.

You're assuming that Apple does not include such basic libraries in the OS. They do. It isn't normally an issue.

Now libssl has a security hole. If you don't release a new version of MacMailGarbage.app, your users will be susceptible to rogue SNMP connections, possibly by a MitM.

Again, SSL is a basic OS X API.

Now libpng has a security hole. Again, Linux users update libpng. Mac users have to update...

And again, PNG support is built into OS X. Not an issue. I understand your point in general, but 3 of the 3 examples you gave off the top of your head are not really issues at all. In practice, this is not a major concern for OS X developers or users.

As far as I am concerned, .app software packaging is a HUGE advantage that OS X has over both WIndows and Linux. I w

Re:

[yarnosh]

I don't see how .app packaging is any different from statically compiled binaries.

It is different because they are dynamically linked (for the most part) against system libraries. THe point is that OS X is a broad, stable target unlike the highly fragmented Linux distributions. A Linux developer can't even depend on you having GTK+ on your system, must less the correct version of it. If I target OS X 10.5, on the other hand, I know exactly what GUI libraries will be available and there's no need to statically link or code in libraries dependencies for a package manager to work out.

The

Re:

[mdmkolbe]

Besides, that greatly favors popular libraries and ignores libraries which may not be pre-installed whereas package management with external libraries are neutral to this.

And I should care... why?

Because if developers choose what libraries to use mainly based on whether the library is likely to be already installed, then new but useful libraries are unlikely to become popular enough to become a standard install. In addition it becomes tempting for the developer to just implement the libraries functionality, but of course that is a drain on application developer time and is likely to have bugs that were already shaken out of the library. In an ideal world, developers would choose what library to us

Re:

[yarnosh]

Because if developers choose what libraries to use mainly based on whether the library is likely to be already installed, then new but useful libraries are unlikely to become popular enough to become a standard install.

So? I'd rather have a consistent development target, even if it is mediocre, than a mishmash of incomparable libraries like we find on Linux. That's definitely not a good situation to be in. You end up installing all the libraries and all of you apps look and behave differently.

In addition it becomes tempting for the developer to just implement the libraries functionality, but of course that is a drain on application developer time and is likely to have bugs that were already shaken out of the library. In an ideal world, developers would choose what library to use solely based on how well the library does the job.

Except that doesn't happen. People choose libraries for all sorts of reasons. Mainly it is just whatever you're comfortable with or what you want to tinker with or whatever aligns with your programming language of choice. Like C? GTK

Re:

[mdmkolbe]

I'm sorry but as a developer myself, my experience completely contradicts your claims. Perhaps this is because when I think of libraries, I'm thinking about things for implementing application internals (e.g. SSL, HTML parsing, B-trees, hashtables, lightweight atomic persistent storage (e.g. Berkly-DB or SQLite)) rather than GUI libraries. While I agree that very few developers would re-implement GTK or Qt, in my experience, developers do often reimplement functionality with things like strings, HTTP or H

Re:

[tal197]

You raise an excellent set of points. So how does 0install fix this?

Firstly, you don't need to find packagers for each distribution. You create one XML file, which allows everyone to run the program.

When the new GCC comes out and breaks your program, you just change the version restriction in your XML:

<requires interface='.../gcc'>
<version before='4.6'/>

Likewise with the new libpng, and bdb. Other programs will start using the newer versions, but your program will stay with the version th

Re:

[hedwards]

No. I've used Windows and I've never had trouble with viruses. It's because I'm careful and have antivirus software. The reason why it's a problem for some people is that they're not careful and install from untrusted sources.

Personally, I like FreeBSD's ports as well as some of the better Linux repository systems. RPM can rot in hell for all I care, hopefully they've finally managed to figure out that making users download each item for an update isn't the way to go, especially without providing a list of

Re:

[yarnosh]

Everything you say applies to servers, not desktop end users. As a user, I most certainly do want to latest and greatest. In fact, that's what always made using Linux on the desktop so frustrating for me. I felt so straight jacketted by centralized package management.

Re:

[Lennie]

That is why people on Ubuntu add a ppa for the app they care about (just geeks, most users don't care btw).

Re:

[yarnosh]

But the "latest and greatest" aspect is just part of it. I want to be able to install any version I want/need, sometimes with two different versions side by side (Firefox 3 and FIrefox 4, for example). Also, I like being able to run an app from wherever I want. Hell, on OS X, I can launch most apps right from the compressed disk image it came in. I do that kind of things with little games I want to try out or whatever. Or I can carry an app around on a USB stick. It is just so handy, especially if you have

Re:

[WorBlux]

Or upgrade to something with a rolling release.

Re:

[yarnosh]

Still amounts to a straight jacket. You get latest software, but you still are forced to run whatever happens to be in the repo and what happens to be current for you your distribution and it installs only where the package dictates that it be installed. Also, you are forced to update things you may not want to because that's what your latest and greatest software happened to built against. It is all so tightly coupled. Overall it is just a bad user experience for anyone who may not want to do things exactl

Re:

[yarnosh]

Eh, you do know you can build your apps from source against whatever damn libraries you please, right?

Sure, and then you suddenly lose any benefit that you might have gained from package management. In fact, this is one of the things that annoyed me so much about running Linux. If I wanted to do anything outside of the package manager, I was prtty much on my own and my system suddenly became 10 times harder to maintain. If for some reason I wanted to upgrade the base system, I'd have to go back and recompile all that custom shit by h and.

We've got a few nifty little things like make, gcc, and gnu autopuke that can make that happen for you. And at least on Debian and slackware systems, it's barely any more work at all to rebuild an entire package, then install it through your existing package manager, so you're not even confronted with the issue of dependency resolution not knowing about locally installed apps.

Have you actually tried backporting packages on Debian systems? You k

Re:

[WorBlux]

Not all rolling releases are binary-only. Gentoo lets you do source based if you want. Keywords let you use pulse audio on every application if you want, or not have that library at all on the system. It's fairly straightfoward how to keep multiple versions of a package as well. To get custom locations you can copy the ebuild to an overlay and change a couple of the options that get passed to the configuration tool if your into that sort of thing. There are also methods to use versions that are newer of old

Re:

[yarnosh]

Keywords let you use pulse audio on every application if you want, or not have that library at all on the system.

Right, because the sound library my applications use is exactly the kind of thing I should be thinking about as a user. Why the hell should I have to care what audio library I'm using? Why is that still an issue on Linux? It is 2011 for Chrissake.

Yes, I used Gentoo years ago and it was the biggest waste of tme of all the Linux distributions... once I got past the novelty of compiling everything tuned for my CPU. I'm getting too old for that shit.

It's fairly straightfoward how to keep multiple versions of a package as well.

More straight forward than just dragging, dropping, and rena

Re:

[adolf]

Right, because the sound library my applications use is exactly the kind of thing I should be thinking about as a user. Why the hell should I have to care what audio library I'm using? Why is that still an issue on Linux? It is 2011 for Chrissake.

Indeed, it is 2011. Linux distributions could just emulate Windows 7/Vista by eliminating all fancy sound card functions altogether, while moving backward in terms of hardware functionality and at the same time and presenting a simple (but very limited) API for so

Re:

[yarnosh]

I could be mistaken, but it is my understanding that Windows is rather sophisticated in terms of utilizing audio hardware wheres on Linux they're still trying to figure out a common way to mix audio from different applications. So I'm not saying Linux should just copy or emulate Windows, but all that "choice" is crippling Linux on the desktop. And it isn't like there's no choice on Windows. There's a dozen different libraries and APIs for audio.

Re:

[adolf]

Windows has gone backward with audio hardware support for entertainment with Vista and 7, and has done a very thorough job of making things as dumb as possible, by crippling Directsound.

It used to be sophisticated, and support all kinds of hardware acceleration for reverberation, filtering, occlusion, and surround sound (both actual and simulated) with just about any number of speakers.

Now, it's up to developers to implement these functions in software, and the CPU does the heavy lifting (which admittedly i

Re:

[WorBlux]

Right, because the sound library my applications use is exactly the kind of thing I should be thinking about as a user. Why the hell should I have to care what audio library I'm using? Why is that still an issue on Linux? It is 2011 for Chrissake.

Because they provide different functionality and advantages. A lot of the time distros will guess which is best for thier user. kitchen-sink or media-server distros will use pulse, slim will use just plain alsa, and and studio/artsy distros will use jack.

Yes, I used Gentoo years ago and it was the biggest waste of tme of all the Linux distributions... once I got past the novelty of compiling everything tuned for my CPU. I'm getting too old for that shit.

That's not even the biggest advantage though. Constructing from a small base up, along with being able to define system wide use flags makes it relatively easy to customize a system to your needs and expectations.

More straight forward than just dragging, dropping, and renaming app bundles?

Nope, but both packages will link or compile

Re:

[yarnosh]

Because they provide different functionality and advantages. A lot of the time distros will guess which is best for thier user. kitchen-sink or media-server distros will use pulse, slim will use just plain alsa, and and studio/artsy distros will use jack.

But almost nobody cares. That's what I'm saying. I'd rather just have it work and not have to think about it. I have never worried about the underlying sound architecture on any other major platform besides LInux. Linux makes it an issue where it should not be. It is choice for the sake of choice, not for the sake of the user.

That's not even the biggest advantage though. Constructing from a small base up, along with being able to define system wide use flags makes it relatively easy to customize a system to your needs and expectations.

Meh, it is overrated. I spent years and years tinkering with Linux, making it do what I wanted, customizing it to my "needs" until I realized that I wasn't actually getting that much

Re:

[yarnosh]

If the operating system base you're installing on is stable and broad enough such that few libraries need be packaged with the user intalled application, then it is really not that much of an issue, like on OS X. But Linux is just too fragmented for it to really work. There's the LSB, but I don't think it is strong enough.

Re:

[skids]

Having multiple copies of shared libraries is bad for the system memory profile, not to mention bad for leaving lingering bugs long after they have been fixed in the library's mainline code.

Which is why a solo approach to dependency management has sever limitations. Distros may have messy process, but they are on the right track in that a lot of collaboration, and the tools to make it smooth, is needed to do things right.

Re:

[monoqlith]

In 0install, it seems like you still have multiple install points unless you enable the system-wide cache that lets any user install into it. Otherwise there might end up being multiple copies anyway.

as far as the lingering bugs go, this may be true. but if, for example, i'm writing a GUI front-end to a back-end library , it becomes my responsibility to update that package so that my own application is bug-free, no? and if there is no bug, then no harm, no foul in letting my library lag behind a little bit.

Re:

[monoqlith]

(but point taken about multiple copies in memory.)

Re:

[AvitarX]

Even still, how much of a burden is it?

At least for single/few user desktops I can't see it as too much of an issue. I mean, how much memory is really wasted on a newish desktop?

My total size thus far is 229MB (about half of that is eclipse), even if the wasted memory is 20-50MB an application it's not going to make too big of an impact on a single user system. And if one wants, it can even rely on LSB I believe, eliminating a lot of the need to include copies of base libraries, and a decent starting point

Re:

[tal197]

... And if one wants, it can even rely on LSB I believe, eliminating a lot of the need to include copies of base libraries, and a decent starting point (though I can't tell if 0Install allows that, I think ROX application directories do, and this looks like a way to replace them though.

I'm not quite sure what you're asking here, but to be clear:

0install always shares libraries and other dependencies. For example, if your program depends on Java then 0install will use the distribution's version of Java (if installed), or 0install may download a 0install package of Java, or it may get Java from your distribution (using PackageKit). A 0install package should never need to bundle libraries.

On a multi-user system you can enable system-wide sharing. This is off by default because it requir

Re:

[AvitarX]

Interesting, I knew it shared amongst itself, but did not realize it shared with the distro (or how to make it do that).

This should address all the complaints of wah, too many copies.

As I said, I used it on Windows (and last night tried to use it to install ROX, but failed in getting a successful ROX session, and the programs didn't appear to run consistently).

I really like that it doesn't use admin, and installs conveniently and neatly. For every application not integrated into the OS/Desktop environment i

Re:

[lennier]

if there is no bug, then no harm, no foul in letting my library lag behind a little bit.

In my experience, the chance at any given moment that there is no security-critical bug in any library anywhere is approximately zero. Everything currently available has a bug. It's ony a matter of time until the black hats discover it (and chances are they already have).

So if you ship your own copy of any system library, you're a botnet waiting to happen. At the very best, if yuo package your own yet-another-update-mechanism, you'll be yet another annoying always-running process sucking up CPU and Internet

Re:

[whizzter]

Sure this is a big security issue for networked apps, especially those that listens on sockets.

However for many desktop utility apps (graphics programs,etc) that has a tendency to depend on cutting edge libraries, it's a major hurdle for users to try them out (without borking up half their system to go cutting edge for that single app). This might even be a reason for why linux has never really succeeded on the desktop since you either get a flawed experience or an outdated experience.

As for security, a 0in

Re:

[hedwards]

It depends how it's handled. It's definitely bad for memory, but it really depends how it's handled. PCBSD seems to do pretty well with its PBIs which do include their own dependencies. So, you waste space, although not as much in the future with ZFS and dedupe, but you gain stability, you know that if you install a PBI that it won't screw up the rest of the computer via dependency issues.

Re:

[yarnosh]

Having multiple copies of shared libraries is bad for the system memory profile, not to mention bad for leaving lingering bugs long after they have been fixed in the library's mainline code.

Depends on how much you are not sharing. If the OS base is strong enough and you only need to bundle minor auxiliary libraries with your app, it isn't a big deal. And even if you do package a bugged library with your application, it may not matter. The bug may not even apply to yoru application. As long as your application works and the bug isn't security related, there's no problem.

Which is why a solo approach to dependency management has sever limitations. Distros may have messy process, but they are on the right track in that a lot of collaboration, and the tools to make it smooth, is needed to do things right.

I have to strongly disagree. As an end user of LInux on the desktop for 12+ years and OS X for almost 4 now, I can honestly sa

Re:

[crazycheetah]

This is actually a little weird compared to most other package management systems, from the looks of it. For one, you're never actually installing it (note: I'm just going to refer to Linux, because I'm not familiar with anything of the sort for Windows or Mac at all, but every big distribution of Linux has something). You install it to your local user's cache and run it from there, whereas most package management systems require you to login as root to install the package. The cool thing about that, is tha

Re:

[hedwards]

This whole project is somewhat similar to Cameyo [cameyo.com]

But as far as the kernel goes, that would be a really bad idea. You shouldn't be installing kernel modules in this fashion, even temporarily, I could see this as a means of soft upgrading to a new version to make sure that nobody pulls a Ubuntu on you. Mixing distros though would likely be a bad idea given the lack of agreement over aspects of OS design.

Re:

[crazycheetah]

I actually agree with what you're saying. And looking into what you posted and 0install a bit more, it makes sense that you may have misunderstood exactly what I was thinking. Mind you, I was thinking outside of what 0install does here, so the kernel piece I mentioned would be more appropriate as something of a side to this.

My thought is that this would actually be an interesting idea for managing apps within a distribution. Some of the core aspects such as kernel and stuff could be done in a more decentral

self-contained application bundle

[nurb432]

Like PCBSD does already?

Re:

[Ungrounded Lightning]

why not just make a universal, self-contained application bundle, ... that contains all necessary dependencies without having to download them separately?

In addition to many duplications of the dependencies in multiple clients of it (which has already been mentioned)...

If any IP issues with the dependencies are discovered later, the trolls have far more people to go after.

Why increase risk? By NOT shipping the dependencies the authors of the depending code are insulated from liability - while still having

"Is this the end of the walled gardens..."

[Anonymous Coward]

Is this the end of the walled-gardens of traditional app stores?

Sure, provided 0install works on every popular platform that has a traditional app store.

What's that? It doesn't run on any of those? Oh dear.

Re:

[tal197]

What's that? It doesn't run on any of those? Oh dear.

Yes, some platforms are so locked down that they won't let you run 0install. But it has been ported to all the common platforms that allow it (Linux, Unix, Mac OS X, Windows).

Does this mean...

[Jonah Hex]

...Windows will finally have an application manager that will auto update applications? InstallPad was an interesting idea that seemed to fall back into obscurity and hasn't been updated in years, and don't even get me started on the stupid BitComet (I think it's installed with BitComet, haven't used it in a long time) auto program updater.

HEX

Re:

[Jonah Hex]

Thanks AC, I will definitely check out Secunia PSI. Anyone else want to chime in on it?

Re:

[DogDude]

It's not needed. Most apps do it themselves.

Re:

[Jonah Hex]

While some do, they usually make use of a constantly running update check task. (Adobe, Java, etc) Some check when the program runs, which is a bit better, but if I need to use the program I don't want to spend time updating. I'd rather have one program checking all my apps and drivers and installing updates automagically at night.

HEX

Probably won't gain wide acceptance

[ndogg]

Here's what a tool like this needs to be able to do, download the package which is then converted into a package format appropriate for the system (DEB, RPM, TGZ, etc.)

Why has no one done this yet? I'm not saying it's going to be easy, but surely, I'm not the first to think of this.

I know there is 'alien' but it's always seemed a bit hackish to me, and when packages get installed, it's not as if they get installed into the appropriate directories (e.g. if an RPM package installs its contents into /opt and

Re:

[vlm]

Here's what a tool like this needs to be able to do, download the package which is then converted into a package format appropriate for the system (DEB, RPM, TGZ, etc.)

Why has no one done this yet?

You're confusing what it means to be a file format with what it means to be a software package.

A Debian package is only a Debian package because it was accepted into the archives because it follows a couple hundred pages of Debian Policy.

I could put random atari2600 roms into a .DEB formatted file and install into C:\WAREZ\ , but that doesn't make it a "Debian package"

Re:

[X0563511]

Er, no. It would still be a debian package. It just wouldn't be an official package.

As well it wouldn't be that simple to do. The .deb file has more than just files, it is an 'ar' archive containing:

1. debian-control - a simple file with the package version number
2. data.tar.gz - this is what you seem to think a .deb or .rpm is, and only is (can be other compressors, such as lzma, bzip, xz - but it is always a tar archive)
3. control.tar.gz - contains scripts for install, configuration, uninstall, etc - as well as t

Re:

[dkleinsc]

The trouble is, you very quickly get into "do-what-I-mean" territory. If I'm building a binary package in whatever form for whatever distro I'm building it for, I'm expecting the system to be set up in certain ways with certain conventions. For instance, do the executables belong in /opt/foo/bin, /bin, /usr/bin, /usr/local/bin, or somewhere completely different? I as the package maintainer for an attempt at a generic distribution system certainly don't know, and any tool that tries to figure it out would fa

Re:

[yarnosh]

Why has no one done this yet?

Because converting packages to different systems doesn't deal with the dependency hell found in most non-trivial Linux applications. The location of the binaries is actually the least of your concerns.

Isn't this basically what Java was supposed to do?

[Anonymous Coward]

Isn't this basically the same thing as what Java was trying to do? The problem (if I'm reading this correctly) is that the Zero Install program needs to be on the user's computer for it to work...exactly the same as needing a JVM installed for Java to work.

Re:

[tal197]

It's perhaps more like Java Web Start in concept, but it works with any language (including Java). There is the 0export [0install.net] tool to create self-extracting bundles, but yes in the normal case it assumes that 0install will already be on the machine.

We could create a massive install arch., or...

[istartedi]

We could create a massive installation architecture that requires whole new networks and languages.

Or, we could just seek out reputable sources, download executables, and run stuff.

Whatever happened to Tucows...hmmm... it's still in business. Their "spotlight program" is Registry Booster 2011. So sad.

Also known as...

[RightSaidFred99]

ClickOnce [wikipedia.org] for Linux. Not exactly a new idea.

Give me Debian package management any day

[jabjoe]

I grew up as a RiscOS user, which had this kind of application folder system.
Package management is >much If you are going to have shared blobs of code like shared-objects/DLL you need package management, end of story.
You want one copy of each, or a least one of each version, and you want to update that one file. Even on modern machines, you don't want to statically link everything, even if you did, think about updates. If one of these files need a fix, it's much easier to update that one file, then upd

Re:

[tal197]

RISC OS application directories and Apple bundles have the nice property that you can install from anywhere, can have multiple versions and there are no conflicts between packages (e.g. both installing a "/usr/bin/convert"). But shared libraries are a pain because you have to install them manually, and upgrading a library needed to install program B can make program A stop working.

Debian packages have the nice property that you get dependency handling and automatic updates, and shared libraries work bette

Re:

[jabjoe]

In Debian (and no doubt other package managers) you can have A and B use different versions of a shared lib, but one uses the "somelib.so" and the other "somelib.1.0.so". Normally a version of lib is standardize as the version of a lib. Other versions are used with version number as part of the name. If there is a conflict, then yes you can have only one or the other, but I don't see how you get out of that. For instance /usr/bin/convert and /usr/local/bin/convert is still a conflict in my book, one (local)

Re:

[tal197]

In the case of 0install, the command name (if any) is chosen by the user, not the package. So you might do something like this for shell use:

$ 0alias convert-img http://image-editor.org/convert [image-editor.org]
$ 0alias convert-text http://text-converter.com/convert [text-converter.com]

If a package depended on one of these, it would express that in its dependencies. e.g.

Make example.com/convert >= 1.3 available to me as 'convert'

0install would ensure that example.com's convert command was in $PATH, but just for the program that n

Re:

[tal197]

0install does not touch any files outside of ~/.config/0install.net/ and ~/.cache/0install.net/ by default, and it won't let packages change things at install time either. This is necessary so that it can be used with sandboxes.

The only exceptions are that it will make a configuration change that you request explicitly. For example, if you ask it to add Firefox 4 to your Network menu then it will do that, or if you ask it to add a "firefox4" shell command to run it then it will create a "firefox4" script

I for one won't use it!

[DadLeopard]

Darn, I left the "Wild West" of Windows programs behind, and I am sure not going to start installing stuff from people I have no reason to trust now! I'll stick to the Linux repositories and a few (Very few) trusted applications from people and places I Know are trustworthy! I don't even have to get into the whole issue of multiple copies of the same files spread all over my system!