> I want to be able to install applications that aren't in the repo, and I want to be able to do it without library conflicts and version mismatches. I have never in my life seen a package manager that can do those things.
Well, you're generally not limited to the repos. You can pull down a git repo and build from source (which is generally a one-liner command).
Arch's AUR is pretty good for packages not in the official repos, including, in some cases, earlier versions.
> From a developer perspective I just make appdirs anyway, because to me part of what makes personal computing great is being able to make an application and distribute it myself without having to kowtow to 200 different package repositories.
Right. And will you keep checking on your appdir-bundled components to make sure they're updated when necessary? This is what seems to me the real drawback of this method.
>>Whatever the drawbacks of package managers, that seems like the only sustainable model if you remotely care about security.
>If your OS doesn't give you any application sandboxing features whatsoever because it's stuck in the idea that permissions apply only to users, then maybe. Most of the shared libraries you'd care about security patches for should be part of the base system so appdirs don't have to include them. Of course, that means actually having a stable and well defined base system.
Sandboxing is a separate issue.
Probably the BSD-model is better in some ways than the Linux model for having a well-defined base system.
> On the whole, however, I think people who make this argument should probably be using OpenBSD if they claim to care about security so much. Like I said, it's a tradeoff, you don't have to agree.
Perhaps, but there are lots of intermediate positions in the tradeoff. I myself settle for Linux-level usability and Linux-level security (because Windows-level security is unacceptable).
> Well, you're generally not limited to the repos. You can pull down a git repo and build from source (which is generally a one-liner command).
Yeah, it says a lot that this is the standard fallback. No thanks.
> Right. And will you keep checking on your appdir-bundled components to make sure they're updated when necessary? This is what seems to me the real drawback of this method.
I disagree that it is a big deal. For one, applications can check for updates on their own, they don't need the package manager/repository model to do that. AppImage has an alternative method where the AppImage provides a URI that the system can check for updates.
> because Windows-level security is unacceptable
Have you not used Windows since 98? There really isn't a single security feature Linux has that Windows doesn't. The biggest threat you face is ransomware, where Linux has the advantage only because it's such a pain to install software that doesn't come from the repository.
> Have you not used Windows since 98? There really isn't a single security feature Linux has that Windows doesn't. The biggest threat you face is ransomware, where Linux has the advantage only because it's such a pain to install software that doesn't come from the repository.
I have used Windows off and on from 3.11 to 10. Yes, I understand that what you say is true in theory. However, it is not true in practice. In Windows 10 I tried installing an app directly from the official Windows app store. Within 30 minutes that app had pulled down some sort of horrible malware that I couldn't get official Microsoft Tools to scrub, and even 3rd party ones had trouble. I think I ended up reinstalling, I can't remember. I do remember it sucked several hours of my life.
Crap like that wouldn't make it into a Linux repo; but apparently is fine for Microsoft's official app store. You can keep that security model.
And, as for the typical Windows program installing method, which is navigating to some website and downloading an installer, that is even more ripe for this sort of chicanery. No thanks. I'll stick to curated repos.
Those aren't security models, they're application distribution models, but besides that, the best you can do is an anecdote about "some software" you don't remember at all?
Yeah, installers suck, I think they don't quite suck as bad as repositories because at least you don't have to rely on a third party maintainer, but I can understand that if you don't draw outside the lines very often then they're probably fine.
What we should be doing is what Android does, but simpler (that is, without the store and the part where a user account is assigned). Applications should be directories, and they should be launched in their own namespace by default and sandboxed until you give them permission to do things.
They're application distribution models that have a great impact on security.
> the best you can do is an anecdote about "some software" you don't remember at all?
It was a wallpaper changer, and it was 3-5 years ago and I didn't keep a detailed journal of my Windows experiences. But it tells you something if you can be infected with malware from the official Microsoft apps store. That's not a platform I want to be doing banking or even email on.
I like Android for lots of things, but a model of safe and responsible software distribution it is NOT.
Anyway, if you like the separate namespaced app model, Linux offers that possibility too, you can use something like Cockpit [ https://cockpit-project.org/ ] to manage apps running in containers.
I'm aware that you can jump through a bunch of hoops to make something like that work on Linux, for every single application individually, but I don't want to jump through a bunch of hoops so I'll just keep using Windows because it works and has much better hardware and software support. Linux desktops have had decades to convince the world that their way of doing things is better and part of the reason they haven't managed it, I think, is because they never listen to criticism and insist that their backwards and ancient unix ways of doing things are better like it's some kind of religion.
> I like Android for lots of things, but a model of safe and responsible software distribution it is NOT.
Bull. Every application you download from the appstore is sandboxed by default and there is effort put in to verifying that software isn't malicious. It doesn't always work for two reasons: Unlike Linux desktops, Android isn't actively hostile to proprietary non-opensource software, and people actually use it.
Linux repositories can, and have, had malware. Check google, it happened to Gentoo in 2010 (interestingly someone also recently put some into Gentoo's GitHub mirror) for instance. That's because it isn't essentially different from any other appstore, except that a whole lot more people use a much broader range of software from Android and iOS appstores, which also have a whole lot more desktop software.