Posted Apr 1, 2005 4:15 UTC (Fri) by mcatkins
Parent article: Autopackage 1.0
I'm surprised more people aren't worried by the fact that an autopackage
is an executable!!! What a wonderful vector for a virus!
We've almost convinced the Windows people that running downloaded files
without looking at them very carefully is not too clever, and here someone
is suggesting the same for Linux!
What I'd like to see is:
1) a package format that is *not* executable
2) force the user to manually download, and install the autopackage
installer first. Better yet, why not put the autopackage installer into
the standard distributions, so after a while, everyone already has it?
3) Change the installation process of a package so that the first step
is to create a .deb/.rpm/etc suitable for the local system, from the
data in the autopackage, and then install that.
This way, autopackage files play well with whatever local
package management system is being used.
And doesn't alien already do most of the hard work? Or at least,
is a starting place.
1 is pretty-much non-negotiable, before I would use autopackage