The officially official Devuan Forum!

You are not logged in.

#1 2020-12-22 21:10:15

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Info » AppImage security and alternatives

================================

Some ".AppImage" applications come from untrustworthy publishers. You can use "bwrap/firejial" to restrict the running environment of those ".AppImage" applications.

If you have a better way to restrict the running environment of ".AppImage" applications, please reply.

================================

[Info] (Please,dont reply/quote this, a reply/quote to this may can cause a nonsense discussion and a permanent loss of neurons)

Review "X" if you want, but be shure to share your best idea if you have ideas to solve/improve "X".
Are you going to criticize "X"?:
-Stop if you can (you may not know what you are talking about, no one knows everything)
-Explain why and wait for someone that have ideas to solve/improve "X" (if you think you may know what you are talking about)

Last edited by rgl808 (2020-12-26 00:28:13)


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#2 2020-12-22 21:45:13

golinux
Administrator
Registered: 2016-11-25
Posts: 2,171  

Re: Info » AppImage security and alternatives

Or better yet, just don't use "appimage" at all.  I suspect that there aren't many devuan users who would touch it.

Offline

#3 2020-12-22 22:29:18

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,530  
Website

Re: Info » AppImage security and alternatives

golinux wrote:

just don't use "appimage" at all

^ This.

See also https://www.techrepublic.com/article/wh … -on-linux/ & http://kmkeen.com/maintainers-matter/


Black Lives Matter

Offline

#4 2020-12-23 11:14:00

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

Thank you for reply.

Last edited by rgl808 (2020-12-23 21:12:38)


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#5 2020-12-23 12:00:28

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

My way to go:

1: apps from official distribution repositories
2: tar ball + binaries
3: apps from source
4: flatpak apps [try to avoid/dont promote]

Last edited by rgl808 (2020-12-23 21:13:10)


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#6 2020-12-23 12:40:29

dice
Member
Registered: 2020-11-22
Posts: 346  
Website

Re: Info » AppImage security and alternatives

Can these appimages be used in software centers like gnome software or kde etc? Ive never used them, just curious how they are got.


Do good things.  Share.  Be helpful.  Be decent.  Live large.

Offline

#7 2020-12-23 14:24:43

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

...

Last edited by rgl808 (2020-12-23 21:13:36)


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#8 2020-12-23 14:52:35

golinux
Administrator
Registered: 2016-11-25
Posts: 2,171  

Re: Info » AppImage security and alternatives

These pre-packaged all-in-one apps are an aberration and insult to Linux users.  Methinks they are for handicapped Winblows refugees who don't know what they're doing.

Offline

#9 2020-12-23 15:16:43

dice
Member
Registered: 2020-11-22
Posts: 346  
Website

Re: Info » AppImage security and alternatives

golinux wrote:

These pre-packaged all-in-one apps are an aberration and insult to Linux users.  Methinks they are for handicapped Winblows refugees who don't know what they're doing.

looks as though they are trying to emulate google play store, apple itunes, microsoft download etc for the gnome smartphone software, ever increasingly gnome desktop will probably morph into an android/iphone os spinoff. I was looking at that gnome look org and some of the top themes are all apple mac clones for gtk3, lol...

Last edited by dice (2020-12-23 15:18:24)


Do good things.  Share.  Be helpful.  Be decent.  Live large.

Offline

#10 2020-12-23 15:58:21

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

...

Last edited by rgl808 (2020-12-23 21:14:27)


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#11 2020-12-23 16:44:10

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

Analytics in each site: "Flatpak", "AppImage", "Snapcraft".

Flatpak:
di-WX9VML.png

AppImage:
9yiOpl0paQ.png

Snapcraft:
di-AYB3IV.png


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#12 2020-12-23 16:51:40

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

https://thp.io/2019/flatpak-vs-snapcraft.html

Distribution Packages

I still hope that there's a place for distribution packages. The leaf packages ("apps") do need some kind of sandboxing, as sandboxing is good and important to have (not only to protect the "root" user, but protect the user's data, as usually there's more privacy-related juicy info in $HOME than in all of the system folders).

Even with Flatpak, there's still some duplication (e.g. the GTK version from the distro package and the Freedesktop Platform Flatpak), but it's better than Snap's "let every snap ship with its own version of ICU" or AppImage's "just run this executable, it contains Everything" approach.


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#13 2020-12-23 18:37:52

rgl808
Member
Registered: 2020-12-08
Posts: 35  
Website

Re: Info » AppImage security and alternatives

After these replies i learned (hope this help someone):

"AppImages", "Flatpak" projects are good for portability

BUT

if we promote these projects may one day new linux users will left behind the distribution repositories replaced by one centralized platform like the "Apple""App Store"/"Google""Play Store".


DistroWarp, Refractux

"Are you looking to do "Z"?. Do your research because "X" may will gradually
have access to your data and will limit how,what and when you can or can't do "Z""

Offline

#14 2021-01-03 08:54:29

ToxicExMachina
Member
Registered: 2019-03-11
Posts: 209  

Re: Info » AppImage security and alternatives

Anyone who recommend flatpak should note that flatpak is a big security hole itself by design. Flatpak is also SystemD-exclusive package manager. Snap is the same thing as flatpak. As for Appimage it's important to understand that Appimage is just an auxiliary way of software distribution. Consider Appimage as an advanced tarball. Of course, tarball is simpler and way more open thing than Appimage.

There is a problem: corporations are trying to force way of thinking incompatible with sane technical solutions.

Offline

#15 2021-01-03 09:36:41

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,530  
Website

Re: Info » AppImage security and alternatives

ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad


Black Lives Matter

Offline

#16 2021-01-03 11:36:37

dice
Member
Registered: 2020-11-22
Posts: 346  
Website

Re: Info » AppImage security and alternatives

Head_on_a_Stick wrote:
ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad

why does this trigger you so?

When people spell it that way it always makes me think of that manga/anime cartoon initial D

Last edited by dice (2021-01-03 11:38:27)


Do good things.  Share.  Be helpful.  Be decent.  Live large.

Offline

#17 2021-01-03 12:38:21

zapper
Member
Registered: 2017-05-29
Posts: 239  

Re: Info » AppImage security and alternatives

dice wrote:
Head_on_a_Stick wrote:
ToxicExMachina wrote:

Flatpak is also SystemD-exclusive package manager.

Nope: https://pkgs.alpinelinux.org/packages?n … ranch=edge

And it's spelled "systemd" FFS... mad

why does this trigger you so?

When people spell it that way it always makes me think of that manga/anime cartoon initial D

I don't get that either, let's just refer to systemd or system-d as system dumb from now on. Since it is so buggy and crappy...


wink


Black Lives Matter!  I am white, but I prefer equality over hatred.
Haughtiness comes before a fall, pride before destruction.
Peace be with you!

Offline

#18 2021-01-04 20:56:42

mweishaar
Member
Registered: 2018-11-11
Posts: 13  

Re: Info » AppImage security and alternatives

I've used two appimages.

1. Kdenlive.  They implemented some new features in the latest version (20.12), and I am on 18.12.3 w/beowulf.  KDE provided the appimage.  I don't use it all that often, but the new features are nice. 

2. I have a live-usb-maker appimage from the MX-linux team.  For some reason, I couldn't get a bootable USB to work (i.e. boot) using unetbootin.

I don't mind them at all, but I wouldn't want to use them exclusively.

Offline

#19 2021-01-17 04:18:38

zapper
Member
Registered: 2017-05-29
Posts: 239  

Re: Info » AppImage security and alternatives

golinux wrote:

Or better yet, just don't use "appimage" at all.  I suspect that there aren't many devuan users who would touch it.

I have touched appimages in the past and occasionally still do, but that being said, you are probably right about appimage.

They probably aren't as secure or trustworthy as official repos for distros you trust.

I should add, i don't  flatpak and especially snaps even more so.

I am not sure about guix package manager, or other alternatives... but snap and npm ones currently rank my least trusted methods of installing.

Especially now that I know about ubuntu's non-free server for snaps. hmm

Aka, walled garden anyone?


Black Lives Matter!  I am white, but I prefer equality over hatred.
Haughtiness comes before a fall, pride before destruction.
Peace be with you!

Offline

Board footer