Re: [LUG] Grism.org

 

On Sat, 2009-12-12 at 08:19 +0000, John Hansen wrote:
> Neil Williams wrote:
> > On Fri, 11 Dec 2009 21:45:02 +0000
> > Simon Waters <simon@xxxxxxxxxxxxxx> wrote:
> >
> >   
> >> Neil Williams wrote:
> >>     
> >>> On Fri, 11 Dec 2009 20:36:28 +0000
> >>>
> >>> It is convenient to download a pre-built .deb but it is not only
> >>> insecure, it is a positive hindrance to normal upgrade behaviour
> >>> across the rest of the distribution.
> >>>       
> >> Although very handy for testing if you have a suitable machine around!
> >>     
> >
> > or a chroot - but then creating chroots isn't something most users do
> > routinely, especially getting chroot packages to then use Xorg.
> >  
> >   
> >> The source tarball setup file is a ruby file that tries to install
> >> grism to /usr/bin, so unless you know Ruby, I'd skip trying to run it
> >> from source.
> >>     
> >
> > Naughty.
> >  
> >   
> >> On a vanilla Debian Lenny install it installs a menu option under
> >> "Office". It starts and stops as you'd expect. I added Share to
> >> Watch, I added share to portfolios, it calculated profit/loss.
> >>
> >> Best I could say is it shows promise.
> >>
> >> It crashed trying to chart a year of IBM stock.
> >>     
> >
> > :-(
> >  
> >   
> >> Because it is always retrieving stuff from Yahoo it is surprisingly
> >> slow (it should pre-empt my needs more probably and get rid of the
> >> round trip delays).
> >>
> >> It doesn't support alerts or other features common to Yahoo! Finance,
> >> Google finance.
> >>
> >> So probably not the tool John was looking for. Although any Ruby
> >> programmers might think "I can fix it".
> >>     
> >
> > Doesn't sound like it's ready for Debian at the moment either. It would
> > need a Ruby developer already working with the Debian Ruby team to get
> > it into some sort of decent shape.
> >
> > Just because software is free doesn't mean it's any good - there can be
> > other reasons why package foo isn't in Debian or Ubuntu apart from a
> > lack of time by interested maintainers, the package may just be crud.
> >
> >   
> So it is back to looking for a suitable and secure programme.
> Neil's comments are quite worrying so I shall follow his advice.
> 
> Have a nice weekend!
> 
> 
> John W
> 
> 
All this stuff about how installing a .deb file from a projects website
rather than from the ubuntu/debian repositories could be dangerous is
frankly pants.

Exactly what nasties could be inserted? (OK probably some), but there
has never been a linux virus malware example seen in the wild.

There has never been an example of a .deb file from a project website
installing one of these non-existent nasties! 

If there had been someone would have noticed fast! It would have been
all over forums like this one and the perps well and truly outed. So to
tell someone all this stuff about non-existent dangers is paranoid,
irresponsible and hysterical.

Sounds like this particular app is not in the repository because it's
not ready for it and the developers know this. I always try and get
stuff from the official/semi-official repositories, but if the app isn't
there I'm frankly grateful the project has been thoughtful enough to put
a .deb together.

As for compiling from source, well unless you're going to inspect it
line by line there could be anything in there!

People who spread this kind of FUD are probably paid to do it by closed
source copyrighted software organisations to scare people away from OSS!

Simon


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html