Re: KLIK - Userspace Software Installation
Hi there,
Let me summarize what I get from this discussion:
A. Degrees of Support and Integration
In general, we should distinct different degrees of how
Skolelinux/Debian Edu supports or integrates features. Personally, I
suggest these four:
1. Uppermost, I'd name features that come with any installation, like
KDE or LWAT on servers. These software packages are entirely integrated
and thus must get support in the most official way possible.
2. Features, Skolelinux is prepared for, but that are not delivered as
part of its installation, could be regarded as secondary. This would
include any stable Debian package, but also Windows clients (ready to
plug in via Samba) and any Java Applet out there in the web that can be
run in Firefox aka Iceweasel (GeoGebra is a good one here, but believe
me, there is also less nice ones).
3. Supported to the 3rd degree, I'd name any application that can be
used with any Linux system, but is not encouraged to use. This may
include installing third party software like GoogleEarth or Skype by
means of their graphical installer, using additional repositories like
debian-multimedia or linex.org and so on.
This level is beyond official support, but still we might use its range
to promote Skolelinux's diversity and educational value.
4. Now, there are applications that are supported in a technical way,
but that is seriously discouraged to use. This might start with
backports that draw in inofficial base libs (like libc6) without any
security upgrades or applications that are knowingly vulnerable. Also
applications that give root rights to users should be named here. Using
such software packages or means of integration, will clearly remove any
kind of right to blame Skolelinux/Debian Edu for possible harm. (These
applications are not supported at all by the Skolelinux team as service
provider)
If we can settle to such a cascading model of degrees of integration and
support, it would make things easier to discuss:
My intention was never to integrate KLIK in our base installation (1).
But in some way its mechanism is similiar to Java Apps (2) -
nonregarding a missing sandbox - or to the installer of GoogleEarth
(3). As this is the official mailing list of Debian Edu developers, it
is quite understandable, that any responsibility for possible
consequences of using KLIK will be rejected. So, among fellow admins -
i.e. on a users list - it might be discussed, if KLIK should be
regarded as carefully accepted addition (3) or as harmful extension (4)
that makes you use any control.
As I said in the beginning, I am still undecided in this question. In
order to get some 'coordinates' I'll state these comparisms:
(i) Compared to a Java Applet, KLIK applications do not run in a
sandbox, that _is_ provided by the Java VM (taking many ressources on
the other hand). But then, the amount of KLIK apps seems to be
selected, many apps are Debian packages. As I got it, KLIK apps run
from a loop device contained in an image file - thus not interfering
with the local file system at all.
Both are installable by any user - and while Java Apps use more RAM and
CPU, I suppose that KLIK would use more space on hard disk.
(ii) Compared to backports, KLIK apps are selfcontained. All needed
libraries are statically linked and within the image file. In former
times, I read many howtos about installing backports of Openoffice.org
2.x (very understandable). In most cases this installation drew in
critical base libraries. Compared to this, KLIK applications look more
secure to me. On the other hand, yes, only root can install backports.
(iii) Compared to third party software like Acrobat Reader, I'd call
KLIK applications very comparable. Maybe the central database of
selected packages and the possibility to rate applications (and to
notify non-working stuff).
We can try to find a decision if to classify KLIK as supported by 3rd or
4th degree, but we need not encourage people to use it (2nd degree).
And what about extensions to Firefox or Openoffice.org by the way?
I just wonder if anybody actually tried out KLIK in a multi-user
environment in order to provide their experiences. But this quesion is
to be raised on a user list (not developers) I feel.
Thanks for your objective contributions.
With kind regards
Ralf
P.S.:
Am Freitag 12 Oktober 2007 18:36 schrieb Holger Levsen:
> So, why do I say "security nightmare" to klik? Because it provides
> freedom, where it's not needed
nice quote for our database ;) (What others might get from it: Freedom
is a nightmare).
Sorry, for that - but I remember other statements that protecting youth
from inappropriate web pages by means of squid is not acceptable as it
cuts the freedom of free software (roughly spoken).
Reply to: