[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KLIK - Userspace Software Installation

Hi there,

Let me summarize what I get from this discussion:

A. Degrees of Support and Integration

In general, we should distinct different degrees of how 
Skolelinux/Debian Edu supports or integrates features. Personally, I 
suggest these four:

1. Uppermost, I'd name features that come with any installation, like 
KDE or LWAT on servers. These software packages are entirely integrated 
and thus must get support in the most official way possible.

2. Features, Skolelinux is prepared for, but that are not delivered as 
part of its installation, could be regarded as secondary. This would 
include any stable Debian package, but also Windows clients (ready to 
plug in via Samba) and any Java Applet out there in the web that can be 
run in Firefox aka Iceweasel (GeoGebra is a good one here, but believe 
me, there is also less nice ones).

3. Supported to the 3rd degree, I'd name any application that can be 
used with any Linux system, but is not encouraged to use. This may 
include installing third party software like GoogleEarth or Skype by 
means of their graphical installer, using additional repositories like
debian-multimedia or linex.org and so on. 
This level is beyond official support, but still we might use its range 
to promote Skolelinux's diversity and educational value.

4. Now, there are applications that are supported in a technical way, 
but that is seriously discouraged to use. This might start with 
backports that draw in inofficial base libs (like libc6) without any 
security upgrades or applications that are knowingly vulnerable. Also 
applications that give root rights to users should be named here. Using 
such software packages or means of integration, will clearly remove any 
kind of right to blame Skolelinux/Debian Edu for possible harm. (These 
applications are not supported at all by the Skolelinux team as service 

If we can settle to such a cascading model of degrees of integration and 
support, it would make things easier to discuss:

My intention was never to integrate KLIK in our base installation (1). 
But in some way its mechanism is similiar to Java Apps (2) - 
nonregarding a missing sandbox - or to the installer of GoogleEarth 
(3). As this is the official mailing list of Debian Edu developers, it 
is quite understandable, that any responsibility for possible 
consequences of using KLIK will be rejected. So, among fellow admins - 
i.e. on a users list - it might be discussed, if KLIK should be 
regarded as carefully accepted addition (3) or as harmful extension (4) 
that makes you use any control.

As I said in the beginning, I am still undecided in this question. In 
order to get some 'coordinates' I'll state these comparisms:

(i) Compared to a Java Applet, KLIK applications do not run in a 
sandbox, that _is_ provided by the Java VM (taking many ressources on 
the other hand). But then, the amount of KLIK apps seems to be 
selected, many apps are Debian packages. As I got it, KLIK apps run 
from a loop device contained in an image file - thus not interfering 
with the local file system at all.
Both are installable by any user - and while Java Apps use more RAM and 
CPU, I suppose that KLIK would use more space on hard disk.

(ii) Compared to backports, KLIK apps are selfcontained. All needed 
libraries are statically linked and within the image file. In former 
times, I read many howtos about installing backports of Openoffice.org 
2.x (very understandable). In most cases this installation drew in 
critical base libraries. Compared to this, KLIK applications look more 
secure to me. On the other hand, yes, only root can install backports.

(iii) Compared to third party software like Acrobat Reader, I'd call 
KLIK applications very comparable. Maybe the central database of 
selected packages and the possibility to rate applications (and to 
notify non-working stuff). 

We can try to find a decision if to classify KLIK as supported by 3rd or 
4th degree, but we need not encourage people to use it (2nd degree). 
And what about extensions to Firefox or Openoffice.org by the way?

I just wonder if anybody actually tried out KLIK in a multi-user 
environment in order to provide their experiences. But this quesion is 
to be raised on a user list (not developers) I feel.

Thanks for your objective contributions. 
With kind regards


Am Freitag 12 Oktober 2007 18:36 schrieb Holger Levsen:
> So, why do I say "security nightmare" to klik? Because it provides
> freedom, where it's not needed

nice quote for our database ;) (What others might get from it: Freedom 
is a nightmare).

Sorry, for that - but I remember other statements that protecting youth 
from inappropriate web pages by means of squid is not acceptable as it 
cuts the freedom of free software (roughly spoken).

Reply to: