Monday, August 7, 2017

apt - Should I install programs from a source tarball (`.tar.gz`), from the Ubuntu Software Centre, or from elsewhere?


There are several ways to install an application in Ubuntu:



  • You can download a source tarball (generally a .tar.gz or a .tar.bz2 file) and install it manually. (See How do I install a .tar.gz (or .tar.bz2) file?)


  • You can download a .deb file and install it manually, using dpkg or the Software Centre.


  • You can search for the application in the Ubuntu Software Centre and install it there, or use apt with the official Ubuntu repositories.


  • You can find a PPA or a third-party repo, and install it from there.



What are the pros and cons of each method? Please discuss security implications, frequency of updates and program reliability of each method in your answer.



The short answer is that installing from the Ubuntu Software Centre is generally preferable to all the other methods. However, there are times when you may want to install a program from somewhere else.




Installing from source:



  • Security implications: You need to trust the authors of the software and the website that hosts the download. You should also check that the download is performed through HTTPS, otherwise, a third-party may modify the download.


  • Frequency of updates: You'll always get the latest and best! The updates will be as frequent as the original authors choose. However, you will need to check for updates yourself manually.


  • Reliability: It may not be as reliable as other methods, because the software will have gone through less testing, and may not even have been tested at all for Ubuntu, just other Linux distros.


  • Ease of installation and uninstallation: Most difficult out of all the options. Even experienced users may avoid this option, because they prefer using native Debian packages, which are much easier to manage.



Installing from a .deb package:



  • Security implications: Same as installing from source.


  • Frequency of updates: Same as installing from source.


  • Reliability: Slightly better than installing from source. If the authors have provided a .deb package, that implies that they probably have done some minimal testing on Debian or Ubuntu.


  • Ease of installation and uninstallation: Very easy. Just double-click and click "install"! Similarly easy for uninstallation.



Installing from the Ubuntu Software Centre:



  • Security implications: You need to trust the authors of the software, and the Ubuntu repo maintainers. On the whole, this is better security than installing directly from source, because the program has been reviewed to some extent by Debian and/or Ubuntu maintainers. Debian and/or Ubuntu maintainers can patch the program to fix security flaws, too, if the program is open source.


  • Frequency of updates: Debian and/or Ubuntu maintainers only select some releases of the software. (For example, they may only choose stable updates). There is a delay between the release of a program, and its inclusion in the Debian and/or Ubuntu repos. If you want the latest and greatest, this is not the best option. If you want stable updates that have been reviewed, this is a good option. Updates are proposed automatically through the update manager and apt-get.


  • Reliability: Much better than installing from source, as the program has been reviewed and adjusted for Ubuntu.


  • Ease of installation and uninstallation: Very, very easy.



Installing from a PPA or a third-party repo:



  • Security implications: You need to trust the authors of the software, and whoever maintains the PPA. Absolutely anyone can host a PPA, so don't trust the PPA just because it's on Launchpad. The user could have been lazy and not reviewed the software at all.


  • Frequency of updates: It depends on the PPA. Checking for updates is easy.


  • Reliability: Frequently less reliable than installing from the Ubuntu Software Centre. PPAs are there for programs that do not yet meet the standards for the Ubuntu Software Centre, so they are practically guaranteed to be less reliable.


  • Ease of installation and uninstallation: It's not hard to learn, and it fits in well with Ubuntu's package management.



No comments:

Post a Comment

11.10 - Can't boot from USB after installing Ubuntu

I bought a Samsung series 5 notebook and a very strange thing happened: I installed Ubuntu 11.10 from a usb pen drive but when I restarted (...