Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: software from the community repositories safe?

  1. #1

    Post software from the community repositories safe?

    Hello

    I'm new to Opensuse and I;ve got a question on the community repositories. I want to install software like Keepassxc 2.30, Mediathekview and clamtk. Can I install those applications from the different community repositories safely without that my desktop is being compromised.

    I thank you for your answers!

  2. #2

    Default Re: software from the community repositories safe?

    The easiest thing is to install only the single software, choosing at the first Yast screen not to keep the repository.

  3. #3
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: software from the community repositories safe?

    yes it's safe and while somebody might suggest using the 1-click installer to install software from 3rd party repo's and then selecting not to keep the repo's I'd suggest the opposite add those repositories with zypper or yast and then install the apps you want with zypper or yast while keeping the repo's, by keeping the repositories active you'll get any software updates that are published by just installing the rpm you won't get updates
    just keep the number of extra repositories to a minimum to the ones you really use if you don't use software from a repo remove it.

  4. #4

    Default Re: software from the community repositories safe?

    With Yast there is also the possibility of giving priority to the repositories.
    By default they are set to 99, if you add a Community Repository you put it at 100 so it does not have priority over the official ones
    What version of Opensuse are we talking about?

  5. #5
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,925
    Blog Entries
    14

    Default Re: software from the community repositories safe?

    One warning: the distro itself is openqa tested, as a whole. The community repos arent't. The documentation is clear about those repos: use at own risk. Of course, the community will try to help you, if issues arise, but please note the difference.
    Last edited by Fraser_Bell; 14-Apr-2018 at 15:23. Reason: fix important typo
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  6. #6
    Join Date
    Nov 2013
    Location
    Kamloops, BC, Canada
    Posts
    4,029

    Default Re: software from the community repositories safe?

    Quote Originally Posted by smily01 View Post
    Hello

    I'm new to Opensuse and I;ve got a question on the community repositories. I want to install software like Keepassxc 2.30, Mediathekview and clamtk. Can I install those applications from the different community repositories safely without that my desktop is being compromised.

    I thank you for your answers!
    Knurpht points out important info, and I would like to add that using the Community Repos can have risks. It helps if you are aware of any work done by the Repo owner and what stage they are at, as well.

    Many of the home repos are by some very experienced Packagers and Programmers, while there are also quite a few by other people just starting out in OBS and learning what to do.

    It could well be a first experimental work by someone.

    Of course, it is very unlikely that anyone in the home repos have any malicious intent, but unintended mistakes and glitches can happen when a person is learning and starting out.

    As Knurpht said, weigh the options, and if you run into trouble, just come here for help.
    "Take a Walk on a Sunny Day, Greet everyone along the way, and Make Somebody Smile, Today"
    Gerry Jack Macks"Walk On A Sunny Day" GerryJackMacks.net

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: software from the community repositories safe?

    You might want to consider what you mean by "Community Repository,"
    The current website https://software.opensuse.org/search unfortunately has confused the terminology.

    Traditionally, "Community" has meant an organized group of people working with a common purpose, and especially in software likely working on a single project or an umbrella of projects.
    The newly misleading use of "Community" in our openSUSE software currently does not mean this, "Comminity" only refers loosely to individuals contributing to OBS. There is no organization, and each individual is more likely working alone than as part of an organized effort.
    Instead "Experimental" now seems to include various types of what more traditionally is known as organized "Community"

    Examples
    Packman seems to be no longer considered a Community repository.
    Our own openSUSE repos like servers, development languages, and officially sanctioned technologies like Ruby and Python are no longer considered Community repositories.

    But,
    If I were to set up an OBS repo for my own personal efforts, that would be considered a Community repo.

    So,
    In terms of the hierarchy of trusted repo sources, I currently consider our openSUSE definition of a "Community" repository as the least reliable and safe. That does not necessarily mean that the repo contains malicious software, it mostly means that the software is least reviewed, least tested and if there are other sources I would prefer almost anything before one of these repos... But will still consider these repos vastly better than something with unknown or unverifiable origin.

    I'd encourage openSUSE to revise this change in terminology ASAP but am not holding my breath.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  8. #8
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: software from the community repositories safe?

    yes I don't quite understand the reasoning for the new layout on
    https://software.opensuse.org/search
    what it calls community repo's are in fact user repo's and while some of them are repositories of software developers there's nothing community in them, while I do use software from some of them I do it with care as they are user repositories and can contain experimental features
    yet the official extra opensuse repositories (for example kde:extra or gnome:apps) are filed under experimental when they contain vanilla code with zero experimental features?
    it's just beyond me why they changed the old UI it was simple and functional the new is confusing

  9. #9
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: software from the community repositories safe?

    Am also contemplating the simple possibility that the website code is reversed...
    Everything in "Community" should actually be in "Experimental" and vice versa.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  10. #10

    Default Re: software from the community repositories safe?

    Its precisely this confusion between trusted and non-trusted packages that I am dropping openSUSE 30 minutes after installing it for the first time. This is simply not acceptable. With a single click you can install a malicious externally non-tested package created by someone from there bedroom. Sorry, but this is not professional at all and not worth the risk. Clearly define what is from the main repo and packages by the official team, or don't use confusing double meanings for "Community" and "Experimental". Just too risky! A setup like this makes one question the judgement of the main openSUSE developers in the first instance.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •