| > If you don't trust the installer, you sure as hell can't trust the product I can't think of ten pieces of software with excellent installers. Software distributors generally pay very little attention to the installer. That is because installers are written by people who want to try and make it easy to install something, and don't really care about anything else. If they can get you to install something, helping you remove it isn't their problem. If they can get you to install something, protecting you from really unlikely things like someone hacking their CDN and delivering malware is a high quality problem: Either they have enough users so that they will be forgiven, or they won't have enough users and the project is abandoned anyway. I don't trust installers. I don't trust installers to document what they're doing, or tell me where files go, because they don't. I don't trust installers to deliver a secure transparent experience, because they don't. I don't trust installers to consider conflicts, like what else do I have installed because they don't. I don't trust installers to create security boundaries, protecting me and my files from bugs in the software, because they don't. For things that are open source, I try to use the software in-tree without installing it. For other things, I evaluate using a virtual machine. Seriously, I don't trust installers because all of you are bad at them. > The problem we face is, how can we make it easy to install something, while still being safe and maintainable? Google, Apple, Microsoft, et al have recommended publishing platforms (aka "app stores") that are designed to specifically solve this problem. For Debian and the derived, we can approach a Debian Maintainer and ask them for help getting it into Debian. For other distributions, we can take similar steps. If we insist on publishing things ourselves, we can make our software really portable: Let it live in any directory, and not touch any files. Make it easy for the user to verify this. If we can't do that, we can document the details: Explain all the files we touch and why, and recommend users create separate user accounts (or containers/virtual machines) to really protect themselves. Try to get people used to this level of care because having a positive experience with good software with excellent documentation[1] will give you pause when faced with anything else. Honestly, the number of programs that want to run as root or as my user account is terrifying, and the amount of work necessary to sandbox unknown apps really makes me not want to bother. I know most people don't worry about this, so purely from a "hurr hurr move fast" point of view, this isn't anything anyone needs to worry about: `curl | bash` is good enough, and will likely be good enough for a long time. [1]: http://cr.yp.to/qmail.html |
Its why I stick everything in a container now, as then I don't care what software does to its filesystem, and I only push what directories I want it to have into it. This also lets me run multiple versions of software when the software does not normally support that.