[chbot] Updating a program: which Way did I use to install it?

Stephen Irons stephen at irons.nz
Tue Aug 25 03:41:35 BST 2020


(and did I mention Firefox, Chromium, other web-browsers, Thunderbird 
and other email clients, emacs, vi, gedit, Eclipse, Arduino IDE, other 
even more horrible IDEs, The GIMP, Rhythmbox: all of these have their 
own extension system with package managers? Yes, I use some of those 
too...do I trust all of those extensions?

If creating an AUR package is as easy as writing a shell script to 
download and install it, then it sounds like a good idea.

I will still have to install some horrible package that some useless 
supplier only makes available as a tar file with precompiled binaries, 
and take the chance that it doesn't get nasty.

At least the shell script reminds me where I got it from and how I 
installed it.

I am feeling rather exposed and vulnerable here: please, someone join 
Promiscuous Installers Anonymous, and tell me I am not the only one who 
has Reasons to run programs from outside the official repositories?

Stephen Irons

On Tue, Aug 25, 2020 at 14:17, Geoff <sdfgeoff at gmail.com> wrote:
> May I briefly mention Arch:
>  Many things are in the official repos, most remaining things are in 
> the AUR. The versions are always the latest, so no need for 90% of 
> PPA's. Additionally creating a package is only a little more complex 
> than creating a bash script to install it, and the package manager 
> then tracks what files it puts where and the hashes. (This is why the 
> AUR's are so comprehensive)
> 
> As a result installs with pip flatpak etc. are all contained under 
> the supervision of the system package manager.
> 
> My laptop has exactly two 'systems' of installation: the system 
> package manager and putting projects I'm working on/made in ~/bin
> 
> Geoffrey
> 
> On 25 Aug 2020 1:34 PM, "Stephen Irons" <stephen at irons.nz 
> <mailto:stephen at irons.nz>> wrote:
>> Clearly I have become an Average Joe User, installing stuff left, 
>> right and centre.
>> 
>> How did I get here?
>> 
>> I used to be quite disciplined, and only installed stuff from the 
>> official repos.
>> 
>> Then I needed a newer version with a new feature or bug-fix, and I 
>> had to use a PPA. And the feeling of trust and confidence went down 
>> a bit.
>> 
>> But sometimes the PPA version did not have the right option, so I 
>> had to install from source or version control. I imagine that I 
>> trusted those places too.
>> 
>> Well, two ways (distribution way and source) is managable.
>> 
>> Other people thought that universal installs were the bees-knees, 
>> but, of course, NIH-syndrome meant that we needed umpteen versions 
>> of the same thing. Suddenly, there are 3, 4, 5, who knows how many 
>> ways to install stuff, and my brain explodes.
>> 
>> (Also, in my list, I forgot about perl -- they too have a way to 
>> distribute stuff).
>> 
>> (Forgot about Wine too: some programs are Windows only, but run 
>> passably under Wine).
>> 
>> And look where I am now, and I didn't realise how far I had sunk.
>> 
>> In my defence
>> 
>> I do at least think about what I am installing and assess what the 
>> risks are.
>> 
>> I feel fairly confident with programs that install as a normal user 
>> (AppImage, Python pip, some source packages, downloaded tar files, 
>> Windows under Wine). Of course, there is no knowing what they will 
>> end up doing, but I think they will only affect My Stuff, not The 
>> Whole Caboodle.
>> 
>> Sometimes, though, it is cheapest in the short term to take the path 
>> of least resistance, download and trust to luck. So far, I think I 
>> have been lucky. Then again, how would I tell?
>> 
>> Perhaps it IS time to do a re-install.
>> 
>> Perhaps it is time to use a separate laptop for work, where we go 
>> down some unpalatable paths suggested by commercial reality or 
>> economic pressures.
>> 
>> Stephen Irons
>> 
>> 
>> On Tue, Aug 25, 2020 at 12:41, Volker Kuhlmann <list57 at top.geek.nz 
>> <mailto:list57 at top.geek.nz>> wrote:
>>> [...]
>>> 
>>> Oh dear, sounds just like a Microsoft system... *ducks*
>>> 
>>> Looks like a lack of discipline with system administration.
>>> Maybe you want to start with fdisk and a freshly downloaded copy of
>>> $FAVDISTRO? That's what I'd do.
>>> 
>>> Volker
>>> 
>>> --
>>> Volker Kuhlmann
>>> <http://volker.top.geek.nz/>	Please do not CC list postings to me.
>>> 
>>> _______________________________________________
>>> Chchrobotics mailing list Chchrobotics at lists.ourshack.com 
>>> <mailto:Chchrobotics at lists.ourshack.com>
>>> <https://lists.ourshack.com/mailman/listinfo/chchrobotics>
>>> Mail Archives: <http://lists.ourshack.com/pipermail/chchrobotics/>
>>> Meetings usually 3rd Monday each month. See http://kiwibots.org 
>>> <http://kiwibots.org/> for venue, directions and dates.
>>> When replying, please edit your Subject line to reflect new 
>>> subjects.
>> 
>> _______________________________________________
>>  Chchrobotics mailing list Chchrobotics at lists.ourshack.com 
>> <mailto:Chchrobotics at lists.ourshack.com>
>> <https://lists.ourshack.com/mailman/listinfo/chchrobotics>
>>  Mail Archives: <http://lists.ourshack.com/pipermail/chchrobotics/>
>>  Meetings usually 3rd Monday each month. See http://kiwibots.org 
>> <http://kiwibots.org/> for venue, directions and dates.
>>  When replying, please edit your Subject line to reflect new 
>> subjects.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/chchrobotics/attachments/20200825/c5acadad/attachment.html>


More information about the Chchrobotics mailing list