Re: [Evolution] go-gnome installer

From: "Chris A. Henesy" <lurker shadowtech org>
To: "Thomas H. Ptacek" <tqbf sonicity com>
Cc: <evolution ximian com>
Subject: Re: [Evolution] go-gnome installer
Date: Fri, 27 Apr 2001 08:13:21 -0400 (EDT)

On 26 Apr 2001, Thomas H. Ptacek wrote:


I'm sorry, I'm sure you've been beaten up by this question
repeatedly, but I just have to ask:

Which one of you monkeys was on the pipe long enough to come
up with the "pipe lynx into sh" installer mechanism that Ximian
GNOME uses to install?

You realize that this is quite possibly the worst install
mechanism, not only from a security perspective but from an
end-user ease-of-use/familiarity perspective, of any program
you can currently obtain.



        It may be unfamilier, but I personally find that this is the
EASIEST method I have EVER seen for installing a Linux program.  Not to
mention that it is very "cross platform" since almost EVERY distro has
lynx and sh.  Are you saying it's easier to have the user download a file,
untar it, chmod it and run it?

        As far as security goes, the only reason it would ever be a
concern is if someone cracked their servers and replaced the install
script.  But then again, the cracker could just as easily leave the
install script alone and instead replace one of the packages with a
trojaned version.  As long as you are installing software you didn't
compile yourself, you have to be concerned to some degree about security,
so I don't see the point in getting to bent out of shape about this
one particular script.

        -Chris

Follow-Ups:
- Re: [Evolution] go-gnome installer
  - From: Xavier Bestel

References:
- [Evolution] go-gnome installer
  - From: H.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]