Comments on Autopackage Considered Harmful

By: Morgan

2011-06-08T12:40:34Z

@Rick K / Cash Tornado

AFAIK, Autopackage is still not the standard way to install apps. The way it most of the time requires root access to install anything will definitely not go well with 90% of the linux users. Why do you think windows users get new malware every other day.

A few distro’s have adopted it but I don’t see it picking up anytime soon.

By: Cash Tornado

2011-05-09T15:51:36Z

Nice overview but have there been any updates to this since 2005? Seems like there must have been – in technology 6 years is a long time…

By: Levi "Karatorian" Aho

2008-05-20T14:07:17Z

As a technically competant user, I tend to disagree with the entire idea of autopackage. If you’re not going to produce debs or RPMs, please, for the love of Linus, give me a tarball.

That said, I can appreciate the need for less geeky users to have a simple point and click method of installing packages. However, the current behavior of installing in /usr is completly unacceptable.

Honestly, I don’t give a damn what their reasons are. It’s a blatant violation of the FHS and (more importantly) the FSSTD. If one aims to be distro independant, these standards are your friend and you should respect them.

Despite the claims to the contrary, installing into /usr can and does break the packaging system. If broken /usr/local creates some hassles on your end, put some entries in an FAQ or something. Sheesh.

By: Jeff Licquia

2007-10-25T16:12:50Z

Except, of course, that Windows isn’t quite “just an operating system”, either. You have IE, Windows Media Player, Windows Messenger/MSN Messenger, Notepad, etc. They’re even skewing Vista to favor certain web sites (their own, of course).

I agree that Linux distros are only just starting to think about the question of third-party application installation, and that’s a problem. But I don’t get two things about your opposition to packages in general.

First, why is it so bad to be able to pull up a window and install a broad base of applications without having to go find them?

Second, Windows-style installing has its advantages, but also its drawbacks. One of the reasons viruses and worms are so difficult to do for Linux is that the OS takes responsibility–via the package manager–for some of the tasks of software installation. This doesn’t mean that distros have to package *everything*, of course, but it does give packages some compelling advantages; it’s certainly not an “absurd situation”.

Hope you come back; I’d love to hear your take on this.

By: stolennomenclature

2007-10-25T04:29:37Z

I am a software developer but I do not develop for Linux, and know little about the details of Linux package management and the problems involved. As a Linux user however, I do know that i loathe and detest the way applications are “packaged” for Linux. In fact I even hate the term “package”.
The operating system and the applications should be completely separate in the same way a cd player and the cd’s are. To amalgmate the operating system and the applications into a single entity seems to me to be the biggest blunder the IT idustry has ever made. How could anyone have ever thought that having all the aplications bundled together in one database would be a good idea? The sooner this absurd situation comes to an end the better.
I dont know if Autopackage is actually a good solution to this problem, but it or something like it is needed very badly.
When I download a “distro” i want it to be the operating system – no more no less. Like Windows. The kernel, device drivers, system scripts, and a few basic simple applications (editor, terminal) and a basic gui (kde or gnome with minimal apps). All other applications should come from the web sites of the applicationm authors or independant web sites like Freshmeat, etc.

By: cgmania

2007-01-17T07:00:44Z

â€œMike: Yes, this involves running a shell script however itâ€™s all â€œin the clearâ€ and anybody can read it to prove to themselves it hasnâ€™t been hax0red.â€

Humans reading it are one thing, but the biggie is programs reading it.

By: zaheermk

2005-11-26T10:42:56Z

I am not so sure on the technical part and the vulnerabilities asscociated with it. But an Autopackage kind of thing sure is a great method to distribute third party stuff like device drivers. So that it could be installed just like the .inf files the Windows drivers come in, in any of the GNU/Linux distros. And we all need some distro neutral stuff atleast when it comes to hardware and device drivers, right? I hope and wish Autopackage will mature enough to become the standard format to distribute atleast the device drivers.

Happy GNUiing!

By: OldSpiceAP

2005-07-29T21:55:43Z

Perhaps the solution here lies in freedesktop.org standards. They already define several standards so that desktop integration and the like are easier to program for. This is important, as it is a pain for people to program for the various permutations of desktops and windowmanagers. At least thats what I understand, perhaps I’m stupid. Obviously there is a problem with comercial and 3rd party apps. Bringing mainstream comercial apps into the linux arena isn’t just a matter of porting. A major headache and obstacle is packaging. Loki had some things going for them with the loki installer – it was so easy to use. But now it is outdated, and it didn’t always work anyways. Menu entries were a problem. It is still a useability problem. I notice that when I installed svg with autopackage, it needed my root password. I was using Ubuntu and it failed as I use sudo with the root account disabled. The workaround was to activate the root accound, install the autopackage and then return my root account to the inactive state. The password thing bothers me. Any distro package system of 3rd party package system who wishes to have people in the mainstream use it can’t be asking for passwords as this gets quite annoying.

IMHO the solution is simple. Some linux users want 15 levels of security. Some users want to be able to point and click and have things just work without security overhead making their lives difficult. The best solution is to have linux distros offer a simple option during install.

——————————————————–
Welcome to linux, a secure, stabile, fast
and free alternative to Windoze and OSX
Please select your level of computer
expirence so we can provide the best
interface expirence for you.
_____________________________________

O 1 – Beginner – point/click – lower security

O 2 – Intermediate – more expirence – more security

O 3 – Expert – TONS of security, a little less easy.

Obviously I just made that BS up on the spot but you get the picure – a shell script could easily set the necessary security and permissions to make this work..

By: Gerd

2005-07-03T00:29:43Z

I would like to recommend to aks for World Peace. There are not too many mainstream distros. They shall team up and unify their ways. Autopackage is a nice project and addresses many of the problems we face today.

By: jldugger

2005-06-24T02:51:55Z

I’m using Ubuntu right now, and I can tell you that you don’t need Autopackage for the latest version of crack-attack. Inkscape, yea, they’re a point release behind the latest stable. Debian unstable is currently on package attempt 5 of inkscape .41. If you need nightly releases for some reason, you either need to convince inkscape it’s worth the time to create a nightly .deb, learn the proper way to use tarballs or convince autopackage and distros that it’s in their best interests to work together, perhaps via /usr/local or /opt. Given that /usr/local is the traditional place for installing new software, it makes a modicum of sense to continue this legacy. The path of Autopackage is clear; the status quo has glaring problems (overwriting current installs comes to mind). Act in the affirmative and make good choices and you’ll quickly find yourself an instrument of positive change.

A MESSAGE TO DISTROS
Breaking /usr/local is stupid and this is what it gets you: users facing a choice between your software schedules or deliberately breaking your system.