
Re: KLIK - Userspace Software Installation



On Thursday 11 October 2007 07:30, Andreas Tille wrote:
> What about forgetting this thought?

Dear Andreas, I nearly am. But the more I google for security + klik + 
linux, the more I wonder: Are there hard facts proving KLIK's 
harmfulness - or is it just a prejudice against easy-to-use systems?

http://linux.slashdot.org/article.pl?sid=05/01/15/1815210&tid=90

has got some comments like this: "As a bonus, the linked application 
only runs with the user's privilege level. That means if it's a 
malicious app, it won't hose the whole system, and security/recovery 
becomes much easier."

It also seems to be usable (i.e. installable) from any Linux system 
without root rights. 

Kurt Pfeifle states at http://dot.kde.org/1126867980/

...
"If you are a bit security concerned, you may want to know what klik does 
to your system. Here's the pitch:

    * Its .cmg files are self-contained AppDirs (applications
      directories), compressed into a cramfs or zisofs file system.
    * To run the contained app, klik mounts the bundle file
      underneath /tmp/app/1/ and runs it from there; if mounted, the
      bundle looks like it is a subdirectory expanded into the real
      directory structure of the host.

It's very much similar to how applications on Mac OS X work....

If you are even more cautious, or paranoid, you surely want to 
investigate more closely and see how klik operates on your system. 
Follow these steps to find out more details:"
...

"klik's smartness is all contained in a few shell scripts and typical 
KDE config files, as you can easily see...

For most of the 4000+ packages available from the klik warehouse, 
the "download" consists of a "recipe". The recipe tells the klik client 
where to fetch the binaries from (in most cases .deb packages from the 
official Debian repositories), how to unpack them, and how to 
re-package and compress them into the final .cmg image. So the klik 
client does most of the work and builds its own .cmg file in most 
cases."

...
"I also know that I definitely would love to get quick access to kpdf, 
KWord, amaroK, Quanta and Kommander snapshots which I can run on my 
stable [Debian] system with the reassuring feeling that the most that 
can go wrong is that the test app doesn't run at all, and all I had to 
do is just delete it again, to have my system reverted to its original 
state."


