I wanted to know which is the safest way to install applications when this are not on the main repository, I mean safe in the sense of both not unintentionally installing malware and not damaging or creating conflicts within my OS.


I have read some people saying that SNAP could damage your system, others that .deb do, so I'm a bit confused since there are multiple opinions on the subject. Still, I guess that the best way is compiling from source, but if I can't do that, what's next?



I am using Debian 10.

Could you please tell us what software you'd like to install? And could you also mention the use case (server or desktop/laptop).

On my servers I mostly run my applications as Docker containers. They're quite well separated from the main OS. I am no real expert but I can manage them quite well.

I also suggest you that best way is compiling from source.If you don't do that then i think SNAP is best way.

I am not refering to a particular software, just asking in general, because I want to try and install all software in the best way possible so I will not have future problems with my OS. I am running it on a desktop machine.


I don't know how to use Docker yet. :/

Mmm, okay, so the main idea is to try to avoid .deb whenever possible, right?

Instead of trying to install random .deb packages you have downloaded, it is best practice to install software from the Debian repos.
Using the Debian package management tools ie: apt etc you won't run into problems.

Here is some suggested reading:

https://wiki.debian.org/PackageManagement

https://www.debian.org/doc/manuals/d...gtools.en.html

1 members found this post helpful.

Official repositories is always the safest choice.
Compiling source code is also safe. You can avoid damage and conflicts by using "/opt/<package_name" as prefix with "./configure" command or install and use "stow" to easily activate / deactivate packages.

@ 86153c1d-3ebd-4643-8885:-

I would seriously consider trying out the AppImage format.

Although the stock answer in Linux is to always, always use the repositories, there's a growing trend developing for an equivalent to the 'Windows-PortableApps'. This is where Snaps, FlatPaks, AppImages, and the like are coming from.

I know the older Linux stalwarts will have my head in a vice for saying this, but due to the trend of more & more individuals growing disillusioned with Windows - especially given 10's predilection for 'data-harvesting' - there's an increasing number of folks looking for an alternative to the status quo.....and for many, Linux makes the most sense, especially since it's approaching nearly 3 decades in use.

For these individuals, they don't always want to have to learn totally new ways of doing things. They're used to just downloading things, and simply clicking on them to run 'em. Why should they have to be 'turned off' the idea of using Linux (or turned away), simply because we insist on sticking to 'tried & true' principles? Moreover, what's to stop some of us spreading our wings, and moving with the times? Must we remain stuck in the rut of doing things the same way, simply because that's the way we've always done them...?

Linux devs do go out of their way to come up with new ways of doing stuff. The least some of us can do is to give them a try.

Okay, I hear some of you say; he uses Puppy Linux, which marks him out as an IDIOT to start with, so we shouldn't take anything he says too seriously. Well, I've recently set up an install of the flagship Puppy, Bionicpup64, from scratch (which took around an hour and a half) and more than half of all my installed apps are running as AppImages, sym-linked in from a dedicated directory on an external partition.....a format which, I might add, works extremely well with Pup's admittedly 'odd' (to most of you) way of doing things. AppImages are intended to run in /tmp for the duration of a session, and with Puppy running in a 'temporary', virtual file-system in RAM anyway, it all gels rather nicely. It's also extremely quick (and easy) to 'update' an item when the time comes. Simply delete the old one, download & click-to-run the new one. Easy-peasy.

Admittedly, I'm talking about 'major' items, like the GIMP, and LibreOffice. These are available from the app's own official websites, and where not, usually from project pages on Github.....which I've never had any issues with, even since M$ bought them out.....

I just like AppImages. Personal choice.


Mike.

1 members found this post helpful.

building from source is really the only way if you ARE NOT going to use the OS's repos

in your case i am GUESSING here -- one of the debian family of OS's

most programs are well documented on just how to build

However over the years i have found that "The Gimp" is the best and most documented and is very good for learning the basics

https://www.gimp.org/
https://www.gimp.org/source/

Google is your friend , USE IT

a link to the page that has the documentation
https://wiki.gimp.org/wiki/Hacking:Building

HOWEVER
It is way easier to run
BUT

building gimp and it's needed files will TEACH you how to do it

@random-UUID:
There is no single correct answer here.

• Containerised formats (snap, flatpak, maybe even docker) come with their own challenges and limitations.
• “Random” .debs from the web might be designed for a different release of Debian or, worse, Ubuntu (edit: but they might just as well be perfectly suitable for your system)
• ANY software could be bad/malware - even if you compile it yourself!
• compiling yourself is harmless if tricky, but installing the result to your system might pose some challenges. In other words: make by all means, but think before you sudo make install. Many softwares can run locally from where you ‘make’d them (not installed)

In any case, multiple discrimination criteria need to be applied.

1 members found this post helpful.

If you really must compile from source with Debian the following shows how to go about it the right way:

compile from source

First install it in a container (like docker) or a VM, if possible. Or use a test host/OS just for that. But anyway, if you are unsure probably better to find another safer solution instead.

source code from the one that wrote it.
./configure
make
make install

they are all done this way before being put into a package (deb, rpm, etc)
then you can use whatever distro you're using way of packaging the source code and put it into that format then install it if you please.
as far as "is it safe?"
you would have to either read through each line of code and find what you'd conciser safe or not before compiling and adding it into your system, or ask the developer the twenty questions game to try and determine if he or she is trustworthy, or search online to see if anyone else did that before you then posted about it.
or just install it and forget about the paranoia behind it.

I tend to do:

That installs the program into ~/.local, with the executables in ~/.local/bin and its other files (documentation, etc) in ~/.local/share. That's pretty safe.

doesn't
prefix=/usr -> /usr/bin
prefix=/usr/local -> /usr/local/bin

even though you're putting yours into a hidden dir in home. whereas depending on what distro one is using some do not even use /usr/local so (sometimes) I put my what I added from source into that so it keeps it separated.

I don't understand how using prefix=/usr gets it to install into a hidden dir in your home.