[Gambas-user] Gambas self-extracting installer (4)

Ian Haywood ihaywood3 at ...626...
Mon Oct 28 03:06:24 CET 2013


On Sunday, October 27, 2013, Benoit Minisini <gambas at ...1...> wrote:
> But I don't think it's a good idea to ask for the root or sudo password
> to install a Gambas package, for security reasons (can you really trust
> that self-extracting installer?)
>
> Instead, I think I will just tell the user which packages he must
> install himself before being able to complete the installation.

An installer without root access doesn't seem that useful IMHO as it
would end up just displaying a long list of complex commands to enter
into a terminal.
Most people using it wouldn't understand the commands (otherwise they
wouldn't need the installer) so from a security point of view you gain
nothing by making them cut and paste into a terminal window - they still
have to trust that you haven't embedded a "rm -f /" in there.
I suggest detecting gksu or kdesu on the system and using those; this
means your code doesn't have to handle the root password.

> Moreover, I will try to provide the installed program with all needed
> Gambas components inside. So, provided that the dependencies of these
> components are already installed, nothing will need to be installed.
If you can automatically install whatever library, you might as well
install its Gambas binding as a package too.

> For security reasons, maybe this packager should be able to install the
> program locally only.
I don't think "installing locally" is a good idea or particularly useful
IMHO. In practice you will almost always need root access to install
some dependency, so you might as well install the program itself the
normal way in /usr/bin while you're at it.

Ian
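
Added example, not part of the message above or of any Gambas code: a shell version of the gksu/kdesu detection suggested in the reply, falling back to printing the command for the user when neither helper is installed. The function names and the command string passed in are hypothetical; `gksu <command>` and `kdesu -c <command>` are the helpers' usual invocation forms.

```shell
#!/bin/sh
# Added example: let a desktop helper prompt for the password so the
# installer never reads, stores or forwards it.

# find_priv_helper (hypothetical name): print the first graphical
# privilege helper found on PATH; return 1 if neither is installed.
find_priv_helper() {
    for helper in gksu kdesu; do
        if command -v "$helper" >/dev/null 2>&1; then
            printf '%s\n' "$helper"
            return 0
        fi
    done
    return 1
}

# run_privileged CMD (hypothetical name): run one command string as root
# through the detected helper. CMD should be a fixed string built by the
# installer, never text taken from the network or from user input, since
# whatever is passed here runs with full root rights.
run_privileged() {
    cmd=$1
    if helper=$(find_priv_helper); then
        case $helper in
            gksu)  gksu "$cmd" ;;       # gksu takes the command as its argument
            kdesu) kdesu -c "$cmd" ;;   # kdesu takes it via -c
        esac
    else
        # No helper: show the command instead of asking for a password,
        # which is the fallback proposed in the quoted message.
        printf 'No gksu or kdesu found. Run this as root yourself:\n  %s\n' "$cmd"
        return 2
    fi
}
```

Either way the user still has to trust the command string the installer supplies; the helper only keeps the password out of the installer's own process.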


