New Autopackage Website/Wiki

1 view
Skip to first unread message

Jan Niklas Hasse

unread,
May 19, 2010, 5:18:37 AM5/19/10
to autopackage
Hi everyone,

I just created a first draft of what the new website could look like:

http://autopackage.watteimdocht.de/

The important thing is: It's a Wiki. This way we won't need 2
different places anymore where to find information (website vs. trac).
Wiki markup is Creole: http://www.wikicreole.org/
Unfortunately internal Wiki links are not supported yet (but you can
easily create a normal link, edit the homepage and you see what I
mean).
I'm using Django and Wikiapp: https://launchpad.net/django-wikiapp

Any feedback is greatly appreciated, what do you think of it? :)

-
Jan

Damjan Jovanovic

unread,
May 19, 2010, 11:31:14 AM5/19/10
to autop...@googlegroups.com
It's great, let's use it?

> -
> Jan
>

Damjan

Jan Niklas Hasse

unread,
May 20, 2010, 7:00:24 AM5/20/10
to autop...@googlegroups.com
On Wed, May 19, 2010 at 5:31 PM, Damjan Jovanovic <damja...@gmail.com> wrote:
> It's great, let's use it?

Before that, we'll need to fill it with some content ;)

Also some things are still a little bit buggy and need to be fixed.
Something I will do in the next days.

Rykel™

unread,
May 20, 2010, 11:54:59 AM5/20/10
to autop...@googlegroups.com
Thanks gang for keeping autopackage going!!

Mike, now that Ubuntu has deb installers, I think it is even more important to highlight the #1 advantage of autopackager over debs... namely, that you can install an autopackage as User.


Best Regards,


Rykel™


Sincerely Yours,
Drink MonaVie:

kernel_script

unread,
May 20, 2010, 12:12:59 PM5/20/10
to autopackage
You mean as non-root user? Wouldn't that raise serious security
issues? Like installing a kind of virus? Since there is no root access
need for the application to do whatever it wants inside /home/user

I didn't knew that. If autopackage do that I'll stop using and
supporting it, since Linux user security is a major concern for me.

On 20 maio, 12:54, Rykel™ <ryke...@gmail.com> wrote:
> Thanks gang for keeping autopackage going!!
>
> Mike, now that Ubuntu has deb installers, I think it is even more important
> to highlight the #1 advantage of autopackager over debs... namely, that you
> can install an autopackage as User.
>
> Best Regards,
>
> Rykel™
>
> Sincerely Yours,
> Drink MonaVie:www.19fruits.me
>
> On 20 May 2010 19:00, Jan Niklas Hasse <jha...@gmail.com> wrote:
>
> > On Wed, May 19, 2010 at 5:31 PM, Damjan Jovanovic <damjan....@gmail.com>

Rykel™

unread,
May 20, 2010, 12:19:01 PM5/20/10
to autop...@googlegroups.com
Autopackages can be installed as User.

This is VERY secure. Even if the program is a virus, it will NOT infect the rest of the system.

It will at most infect the User account only.



Best Regards,


Rykel™

Taj Morton

unread,
May 20, 2010, 12:24:10 PM5/20/10
to autop...@googlegroups.com
You may choose to install as root/non-root when installing a package. If you supply your password when prompted, the package is installed system-wide (as root). If you don't supply it, the package is installed into your $HOME/.local directory.

The issue of security wrt root/user is a bit complex. Generally, even if software is installed as root, it can still do whatever it wants inside your /home/user directory. This is because to install as root, it needs root permissions, which include the ability to write anywhere in the filesystem. The same goes for running the program when installed as root. Since you're running it as a user (with user permissions), it can still modify your /home/user directory. So, you gain nothing by installing it as root.

The part that makes installing as user (theoretically) less secure is the ability of a program to modify itself (or its data). Normally, when a program is installed as root, the (non-root) user running the application does not have write access to the program or its files. This (theoretically) prevents the program from silently modifying itself. In practice, it'd be fairly easy to include rogue code in the application which used data from (user-writable) locations. Most desktop applications already have this built in: programs read icons, scripts, themes, and all sorts of other data from $HOME/.[something] all the time.

In general, for typical user cases (NOT servers), the data stored on a computer is much more valuable than the operating system or programs. Reinstalling Ubuntu is a 30 minute process, but getting your data back from backups (if they exist) is much more of a pain. Since programs are always executed with user permissions to modify user files, you gain nothing by installing as root. The best protection here are things like SELinux and AppArmor.

- Taj

kernel_script

unread,
May 20, 2010, 1:45:18 PM5/20/10
to autopackage
I see. Thanks for the explanation.
Reply all
Reply to author
Forward
0 new messages