[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KLIK - Userspace Software Installation

Am Donnerstag 11 Oktober 2007 07:30 schrieb Andreas Tille:
> What about forgetting this thought?

Dear Andreas, I nearly am. But the more I google for security + klik + 
linux, the more I wonder: Is there hard facts that proving KLIK's 
harmfulness - or is it just a prejudice against easy-to-use systems?


has got some comments like this: "As a bonus, the linked application 
only runs with the user's privilege level. That means if it's a 
malicious app, it won't hose the whole system, and security/recovery 
becomes much easier."

It also seems to be usable (i.e. installable) from any Linux system 
without root rights. 

Kurt Pfeifle states at http://dot.kde.org/1126867980/

"If you are bit security concerned, you may want to know what klik does 
to your system. Here's the pitch:

    * Its .cmg files are self-contained AppDirs (applications 
directories), compressed into a cramfs or zisofs file system.
    * To run the contained app, klik mounts the bundle file 
underneath /tmp/app/1/ and runs it from there; if mounted, the bundle 
looks like it is a subdirectory expanded into the real directory 
structure of the host.

It's very much similar to how applications on Mac OS X works....

If you are even more cautious, or paranoid, you surely want to 
investigate more closely and see how klik operates on your system. 
Follow these steps to find out more details:"

"klik's smartness is all contained in a few shell scripts and typical 
KDE config files, as you can easily see...

For most of the 4000+ packages available from the klik warehouse, 
the "download" consists of a "recipe". The recipe tells the klik client 
where to fetch the binaries from (in most cases .deb packages from the 
official Debian repositories), how to unpack them, and how to 
re-package and compress them into the final .cmg image. So the klik 
client does most of the work and builds its own .cmg file in most 

"I also know that I definitely would love to get quick access to kpdf, 
KWord, amaroK, Quanta and Kommander snapshots which I can run on my 
stable [Debian] system with the reassuring feeling that the most that 
can go wrong is that the test app doesnt run at all, and all I had to 
do is just delete it again, to have my system reverted to its original 

Reply to: