• 1 Post
  • 10 Comments
Joined 8 months ago
cake
Cake day: March 22nd, 2024

help-circle

  • I’m and end user

    Yeah, we all are. What’s your point?

    End users are also developers. All computer users are developers. You are developing.

    user working for end users

    By making a script that lets me get backdoors and shitty packages with ease? The linux package distribution system is a nightmare, Debian is the least bad approach. There is basically always a better option to using a .deb file. If you come across something that isn’t packaged, I recommend Flatpak, building from source (and installing unprivileged), or using the developers vendored tarball (installing unprivileged).

    https://wiki.debian.org/SecureApt

    By using local .debs you lose the benefit of:

    Reproducible builds

    GPG checksums

    Stable release model

    debian security team




  • If you are getting your code straight from the author,

    Which is not what you are doing at all with a .deb file. A .deb file is a binary with a bunch of scripts to “properly” install your package. Building from source is what you SHOULD be doing. Debian has an entire policy handbook on how packages are supposed to be packaged. Progrmatically you can review the quality of a package with ‘lintian’. .debs made by developers following a wiki tutorial can’t even come close. remember, apt installs happen as root and can execute arbitrary code.

    Also, debian packagers can be project maintainers, so they can be “the author.”