[PC-BSD Dev] PBI Issue, looking to the future
A.Y.
yerenkow at uct.ua
Thu Oct 9 04:18:11 PDT 2008
Hello guys, our users are doomed :)
PBI is evil. The root of this evil is the root password :)
If PBI doesn't stop asking for the root password, both malware and
antiviruses will come. I'd say it's inevitable and unacceptable.
Currently we have a Major Release which expands the audience. So, this is
a very good point to stop and think about the future of installing software
and PCBSD itself.
Users are allowed to create software without any restriction, and they are
allowed to give this software to anyone they want to.
I don't deny it. Is the actual "must enter root password" installation way
perfect? No way!
Okay, we could build PBIs for all the world's software (provide it from
pbidir.com only, and discourage users from using other sites with PBIs),
and yes, we could use more servers, so these builds will be more or less
the latest. But this isn't exactly the open source way (restricting users to
download software here and only here), and it could not be done so easily.
I want to propose such a scheme:
*.ko are released under separate PBIs which are available only from
pbidir.com, or they *must* be somehow signed with the pcbsd-team signature
(if they are released by a different company/site).
Why so complicated? Because paranoia is a good quality of a good user :)
Now, there is NO way to detect where a PBI came from. Is it safe, does it
contain some dangerous code? Who knows. So, if there is a signature, or
something else, this will be somewhat of a proof of authenticity of this PBI.
"I know, this PBI with a kernel module came from PCBSD (here is a gold key
icon), it should be safe, and this one is from xxx.dothack.crack.com
(here is a red question sign), hm... which one is safe?"
Other PBIs, which don't do anything with kernel modules, should be
installed under a non-privileged user, something like a system-created
"ProgramsUser", so all programs will stay intact if we delete one user,
add another, etc.
All things - creating dirs, files, etc. - could be done by an unprivileged
user without problems. The only thing which requires privileged actions is
symlinks.
They can be declared in a file, for example "symlinks.list":
"opera" "/usr/local/share/opera"
"bin/opera" "/usr/local/bin/opera"
The current PBI installer knows that it must link the qemu dir to
/usr/local/share/qemu. And the installer doesn't bother to check if this
file already exists :) So, I have qemu from ports, and want to install PBI-qemu.
Currently I have /Programs/QEMU0.9.1_9/share/qemu symlinked to
/usr/local/share/qemu/qemu
And no errors during installation.
So, I also propose to check if there exists any file which doesn't fit the
installation procedure, and to tell the user about this.
If PBI continues to ask for a root password, there will be some
"anti-virus" software for "only" 49,99 USD in about a year or two, for sure.
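The "symlinks.list" declaration and the pre-install conflict check proposed in the message above, sketched as an added example; it is not part of the original post and not PBI installer code. The function names, the `root` parameter, the status strings and the rule that a link source must stay inside the program directory are assumptions made for illustration.

```python
import os
import shlex
import tempfile

def parse_symlinks_list(text):
    """Return (source, target) pairs from lines like: "bin/opera" "/usr/local/bin/opera"."""
    pairs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two quoted paths")
        pairs.append((fields[0], fields[1]))
    return pairs

def check_links(pairs, program_dir, root="/"):
    """Classify each requested link as 'ok', 'ours' or 'conflict' without creating anything."""
    program_dir = os.path.realpath(program_dir)
    report = []
    for source, target in pairs:
        src = os.path.realpath(os.path.join(program_dir, source))
        if os.path.commonpath([src, program_dir]) != program_dir:
            report.append((target, "conflict"))  # source escapes the PBI dir
            continue
        dest = os.path.join(root, target.lstrip("/"))
        if not os.path.lexists(dest):
            status = "ok"        # nothing at the target yet
        elif os.path.islink(dest) and os.path.realpath(dest) == src:
            status = "ours"      # already linked to this PBI
        else:
            status = "conflict"  # e.g. a directory left by a ports install
        report.append((target, status))
    return report

def demo():
    """Constructed scenario: a ports qemu already owns /usr/local/share/qemu."""
    with tempfile.TemporaryDirectory() as root:
        prog = os.path.join(root, "Programs", "QEMU")
        os.makedirs(os.path.join(prog, "share", "qemu"))
        os.makedirs(os.path.join(prog, "bin"))
        os.makedirs(os.path.join(root, "usr/local/share/qemu"))  # from ports
        os.makedirs(os.path.join(root, "usr/local/bin"))
        listing = '"share/qemu" "/usr/local/share/qemu"\n"bin/qemu" "/usr/local/bin/qemu"\n'
        return check_links(parse_symlinks_list(listing), prog, root)
```

Only the entries reported as "ok" would need the privileged link step; a "conflict" is what the installer would report to the user instead of silently linking inside the existing directory.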