Hello everyone, I’ve been using Linux and openSUSE for almost a year now and so far it’s been awesome. However, I’ve been quite sceptical of using the openSUSE Build Service (OBS) and I want to check with people here if it’s warranted. I just get a bit paranoid when it comes to installing an app from some random user repo in OBS when I don’t have the technical know-how to go through the code and check for malicious code. Is there anything that prevents users from planting malware in OBS repos or should I keep being sceptical and reluctant to use OBS?
Should not be a problem if the program you want is not in the standard repos.
Caveat: don’t leave non-standard repos active since individual’s repos may contain things you don’t want when updating which may break things.
You should only use OBS repos when you know what you are doing and are fit in troubleshooting. Other repos than the official openSUSE ones are not tested and can easily break your system. And as everybody can use OBS for package building, the risk for broken/altered packages is higher than from the official openSUSE repos.
A good example is the RegataOS stuff where all OS updates are disabled and a wild mix of untested and incompatible repos is used to assemble an “operating system” based on openSUSE Leap…
I just would like to add that there is also the option to install flatpaks instead of applications from untrusted OBS maintainers.
In my personal opinion that is the better option when it comes to applications that are not available in the official repos.
As the flatpak applications are sandboxed it’s, even though not 100% secure, more secure than installing something that has potentially access to your entire system.
Also you can easily keep flatpaks up to date and some applications are provided on flathub directly by the devs.
As a general rule, if the repo is a home: repo it’s someone’s personal repo, and you may have no idea what it is that their goal was for building what they’ve built. They may not be committed to maintaining it either.
Unless you really know what you’re doing, don’t use things from home: repos at all.
For other repos, it depends, but again, best practice is to install from nonstandard repos when you’re certain of what you’re doing. You can always ask for advice here if you’re unsure about something specific.
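Added example, not part of the thread or written by any poster: a small audit of zypper repo definitions that reports which home: repos are still enabled, following the advice above about not leaving non-standard repos active and about home: repos. It assumes the INI layout of `/etc/zypp/repos.d/*.repo` files and that OBS projects are served under a `/repositories/` path with home projects under `/repositories/home:`; the aliases, user names and URLs in the sample are constructed.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample in the INI layout of /etc/zypp/repos.d/*.repo (made-up aliases and URLs).
SAMPLE_REPOS = """\
[repo-oss]
enabled=1
baseurl=http://download.opensuse.org/tumbleweed/repo/oss/

[home_example_user]
enabled=1
baseurl=https://download.opensuse.org/repositories/home:/example_user/openSUSE_Tumbleweed/

[home_other_user]
enabled=0
baseurl=https://download.opensuse.org/repositories/home:/other_user/openSUSE_Tumbleweed/

[multimedia_apps]
enabled=1
baseurl=https://download.opensuse.org/repositories/multimedia:/apps/openSUSE_Tumbleweed/
"""

def classify(baseurl):
    """Return 'home', 'obs-project' or 'other' from the repository URL path."""
    path = urlparse(baseurl).path
    if "/repositories/home:" in path:
        return "home"
    if "/repositories/" in path:
        return "obs-project"
    return "other"

def audit_repos(text):
    """List (alias, kind, enabled) for every repo definition in `text`."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    rows = []
    for alias in parser.sections():
        # Assumption: a missing 'enabled' key counts as enabled, so the repo gets reviewed.
        enabled = parser.getboolean(alias, "enabled", fallback=True)
        rows.append((alias, classify(parser.get(alias, "baseurl", fallback="")), enabled))
    return rows

def enabled_home_repos(text):
    """Aliases of home: repos that are still active and will feed updates."""
    return [a for a, kind, on in audit_repos(text) if kind == "home" and on]

if __name__ == "__main__":
    print(enabled_home_repos(SAMPLE_REPOS))
```

To check a real system, pass the concatenated contents of the `.repo` files to `audit_repos` instead of the sample.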