I've tried installing Klik twice in the past, but the site was down both times. A osnews.com article prompted me to try it again and this time I got it installed.

Klik's main advantage over Zero Install is the large number of packages available for it. Its main disadvantage is that it's totally insecure. However, I've written klik2zero, a little Python script that creates Zero Install packages automatically from Klik ones.

I've been spending a bit of time playing with PLASH. Plash is a shell which grants the programs it runs access only to certain files. For example:

$ cat text

Because text appears on the command-line, the cat command is given read access to it (and nothing else). To get write access, you put => before the filename:

$ rm text
/bin/rm: cannot remove `text': Permission denied
$ rm => text
$

You can also give a process access to a file (or directory structure) without also passing its name as an argument. List such files after +, e.g.:

GPG is the GNU Privacy Guard.

In an effort to reduce the chance of someone breaking into SourceForge (as has happened before) and quietly changing the code (which hasn't), all software source releases have GPG signatures.

To check a file, you need to get my public key (below) and the GPG signature for the file you downloaded. Assuming the key hasn't been tampered with too, GPG can check that the downloaded file is identical to the one I signed.