More on apps, shelf space 1050

These don't use Spotlight. What it does is watch where you navigate in the Finder and whenever it sees a bundle, it makes a note of it.

This isn't entirely reliable, and it doesn't work at all for things the user does not see (ie, Spotlight plugins).

Worse, its a security risk. The Finder will "see" bundles that you have just downloaded (typically); these are included in the database and may be executed automatically (say, to open a file).

Early versions of Mac OS X could be tricked into executing malicious code with no warning or recourse in this way. The current ones warn you when starting a new app this way, which is better than nothing- but still pretty weak. Most users don't even read these sorts of repebreastive warnings after the first few times; many don't read them at all.

This is too limiting; everyone will have to be a trusted user to install software if you use this system, and if everyone is trusted, the distinction loses all value.

I think Microsoft's solution works well (when it actually works): you run an "installer" program and it registers the software in the registry. This makes the decision to trust a given app explicit; the mere fact that an app was included in a download does not mean the OS will try to execute it.

I think you want that explicit "install" step somehow, but you also want machinery that can recover if the registration database is damaged- like the way you can rebuild the Spotlight index. How to do both is not obvious to me.