Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Installing any PPA is safe? What must be considered?

  1. #1
    Join Date
    Dec 2018
    Beans
    13

    Installing any PPA is safe? What must be considered?

    As is well known, there are multiple repositories where the Linux software (Main, Universe, Multiverse, restricted) is stored. Does any of these contain reliable software?


    On the other hand, is any ppa safe? How to know if it is official?


    Assuming that I have these two repositories and I do not know if they are official or reliable to install the software. How do I know if they are reliable?


    sudo add-apt-repository ppa: nvbn-rm/ppa


    sudo add-apt-repository ppa: notepadqq-team/notepadqq

  2. #2
    Join Date
    Oct 2006
    Beans
    57,589

    Re: Installing any PPA is safe? What must be considered?

    The trust level for any particular PPA is down to you to assess, by their very nature Personal Package Archives can be created by anyone, including those with ill intent. Certainly you can ask around if you are unsure of the validity of any particular PPA but in the end only you can decide if you trust them.

    The first PPA that you post above has no current repository available for anything later than Ubuntu 15.04, so probably not a good idea to use it and the second one that you post has no Cosmic repository. What version of Ubuntu are you running ?

  3. #3
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Installing any PPA is safe? What must be considered?

    A fairly complete post found here: https://askubuntu.com/questions/3562...-watch-out-for
    Just for the record though, I have not found an "Offical" PPA.

    The only way to be absolutely certain is by reading the code and checking if it is repoerted as malicious.

    If you can't read code or don't have the time to do so (almost no one does ) you can verify how safe it is by:

    • Use a search engine to get more information about the ppa.
      Check if there are articles describing the ppa (if a ppa has a lot of hype around itself, there is a good change someone did check how safe it is).
    • The amount of contributors. If there are a lot of different people working on a project, it gets really hard to implement malicious features (unless they work together on the malicious features of course) without getting noticed by the other contributors.


    If besides all these options you still don't trust a ppa, you could install it in a virtual machine and test it there yourself.
    Ninja'd by howefield
    Last edited by 1fallen; December 27th, 2018 at 02:47 PM.
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags

  4. #4
    Join Date
    Dec 2018
    Beans
    13

    Re: Installing any PPA is safe? What must be considered?

    I thought that a PPA before being able to be created had to go through a series of standards, so sometimes it is better to ask.

    The version that I am currently using (provisionally at the moment) is version 16.04 LTS. How did you find out that you do not have a current repository for anything after Ubuntu 15.04? Can you find out how many users download it? (It could also help to make the decision to download the package)

  5. #5
    Join Date
    Oct 2006
    Beans
    57,589

    Re: Installing any PPA is safe? What must be considered?

    Quote Originally Posted by dimmetrix View Post
    .....How did you find out that you do not have a current repository for anything after Ubuntu 15.04? Can you find out how many users download it? (It could also help to make the decision to download the package)
    Go to the PPA launchpad page.. https://launchpad.net/~nvbn-rm/+archive/ubuntu/ppa for details about the PPA. Don't think there is a way of telling how many downloads there are, but could be wrong about that.

  6. #6
    Join Date
    Aug 2016
    Location
    Wandering
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Installing any PPA is safe? What must be considered?

    Quote Originally Posted by howefield View Post
    Go to the PPA launchpad page.. https://launchpad.net/~nvbn-rm/+archive/ubuntu/ppa for details about the PPA. Don't think there is a way of telling how many downloads there are, but could be wrong about that.
    +1
    The 2 things that matter to myself after I do a search for PPA info, is
    • If it supports the current version of Ubuntu that I/You are running.
    • And how current it is kept or maintained.

    In my screenshot it will show you how to check all of this.
    The PPA that howefield mentions has not received any changes for over 2 years now. (So I would not use it)
    Opps forgot to add how to view stats/Downloads on a PPA: https://fosspost.org/tutorials/how-t...any-ubuntu-ppa
    Attached Images Attached Images
    Last edited by 1fallen; December 27th, 2018 at 04:19 PM. Reason: added info
    With realization of one's own potential and self-confidence in one's ability, one can build a better world.
    Dalai Lama>>
    Code Tags

  7. #7
    Join Date
    Oct 2017
    Beans
    141

    Re: Installing any PPA is safe? What must be considered?

    I would add that if you use a software, lets say "Remmina", and the very devs of remmina are maintainers of remmina ppa, it is reasonable to trust the ppa.

  8. #8
    Join Date
    Apr 2008
    Location
    Norwich CT
    Beans
    2,661
    Distro
    Ubuntu Mate

    Re: Installing any PPA is safe? What must be considered?

    I use Aqualung, a gapless music player, for my college radio show. It was in the repos, then a PPA was available for it. That PPA has not been updated since Xenial, so I have to compile it myself, which requires a raft of necessary and optional dependencies, and made the first compilation Dependency Hell. It does indeed work, and I've been happy with the intermediate knowledge of compilation I possess.

    I drink my Ubuntu black, no sugar.
    Ubuntu user 28819

  9. #9
    Join Date
    Apr 2014
    Beans
    793

    Re: Installing any PPA is safe? What must be considered?

    I avoid compiling like the plague. As such my general rule for ppa's, or any external repo is simple. If I have no choice, I use the ppa. For example, Makemkv and Kodi are 2 things I need the latest stable versions of. Makemkv isn't in the official repos and I need it to rip DVD's (it can rip stuff handbrake chokes on in my experience), and the supplied version of Kodi is to old to work with the Xenial release of Mythtv. As such I have no choice if I want my media center to work. But I don't blindly add ppas for everything like many websites suggest one does. Always stick to the main repos if possible > external and you will have a smoother ride nearly every time.

    It's also worth noting that when people suggest ppas they are pointing you toward newer releases. SNS syndrome. Newer doesn't always mean better. In some cases they are less stable because they haven't gone through the testing period for a stable release. The so called improvements aren't usually even noticeable to the end user. The stuff in the repos I can count on to work every time.
    Last edited by Tadaen_Sylvermane; December 27th, 2018 at 06:30 PM.

  10. #10
    Join Date
    Dec 2018
    Beans
    13
    Quote Originally Posted by 1fallen View Post
    +1
    The 2 things that matter to myself after I do a search for PPA info, is
    • If it supports the current version of Ubuntu that I/You are running.
    • And how current it is kept or maintained.

    In my screenshot it will show you how to check all of this.
    The PPA that howefield mentions has not received any changes for over 2 years now. (So I would not use it)
    Opps forgot to add how to view stats/Downloads on a PPA: https://fosspost.org/tutorials/how-t...any-ubuntu-ppa
    Great contribution! Thank you very much for this.

    I'll keep it in mind.

    Quote Originally Posted by oldrocker99 View Post
    I use Aqualung, a gapless music player, for my college radio show. It was in the repos, then a PPA was available for it. That PPA has not been updated since Xenial, so I have to compile it myself, which requires a raft of necessary and optional dependencies, and made the first compilation Dependency Hell. It does indeed work, and I've been happy with the intermediate knowledge of compilation I possess.
    It is excellent to have that level of knowledge. I'm still in the beginning (sometimes I do not even know where to start with the programming) but I also believe that for this to be reliable, you also have to have computer security knowledge to detect the BUG that may be violated. In addition, a single person is not the same as hundreds of thousands of people reviewing the code.

    Quote Originally Posted by Tadaen_Sylvermane View Post
    I avoid compiling like the plague. As such my general rule for ppa's, or any external repo is simple. If I have no choice, I use the ppa. For example, Makemkv and Kodi are 2 things I need the latest stable versions of. Makemkv isn't in the official repos and I need it to rip DVD's (it can rip stuff handbrake chokes on in my experience), and the supplied version of Kodi is to old to work with the Xenial release of Mythtv. As such I have no choice if I want my media center to work. But I don't blindly add ppas for everything like many websites suggest one does. Always stick to the main repos if possible > external and you will have a smoother ride nearly every time.

    It's also worth noting that when people suggest ppas they are pointing you toward newer releases. SNS syndrome. Newer doesn't always mean better. In some cases they are less stable because they haven't gone through the testing period for a stable release. The so called improvements aren't usually even noticeable to the end user. The stuff in the repos I can count on to work every time.
    Thanks for your opinion. I agree with what you say.
    Last edited by deadflowr; January 2nd, 2019 at 08:27 AM. Reason: merged posts

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •