"Mark Tompsett" <mtompset@hotmail.com>
[...] I also don 't think a wrapper for sudo apt-get install calls based on an existing file we provide is any different:
$ ./install_misc/ubuntu-packages.sh -i
vs.
$ sudo apt-get install dselect $ sudo dpkg --set-selections < install_misc/ubuntu.packages $ sudo dselect
Frankly, not having to install dselect (one less thing on the server = good), less typing (less prone to errors = good), less figuring out problems (=good -- oh, use ubuntu.10.04.packages on ubuntu 10.04 instead = bad). As for your security concern, where does the line of trust get drawn? I don't think a retooled script is a big issue.
There is a big difference between asking people to run a downloaded script as an admin user and asking them to use already-installed system utilities. The system utilities have man pages, are signed by the distributor and are usually limited in the tasks that they do. Downloaded scripts have variable documentation, are rarely signed and can do absolutely everything. I feel this is a big issue: we shouldn't be encouraging people in bad security habits, like to run random scripts as root or let them sudo. Where does the line of trust get drawn? For me, it's "in god we trust... all others must bring data." It's not paranoia when they're really out to get you and there's a lot of people on the internet who really ARE out to get you. Spend some time working for Internet Service Providers (which is how our co-op started), deal with a few cracked websites and servers (which was often why people called us in - too late, but not necessarily beyond help), it might change one's view on this. One might say that an admin has to trust us to run Koha, so they should just run the script as part of that trust. But they don't need to trust us to run Koha - I've installed it without root before, although it wasn't pretty - and there's always the risk of someone setting up a spoof download.koha-community.org (I hear someone is already using koha.org for a fork...) and doing Really Bad Things in the admin script included in that one, to punish people for something or other. Or one might say that any good admin should check the script thoroughly before use, but those scripts quickly become long as they cope with more edge cases or feature creeps. How many admins would read it all? And then they've got to understand the scripting language too, which is more complex than just a few apt-get and dpkg commands as it copes with stuff like default values or stopping if an earlier command fails, which humans are pretty good at, as standard. Most of the time I dealt with such installation scripts during packaging for various distributions, I was horrified by the bad habits in them - they usually needed rewriting to stand any chance of passing QA and working in reasonably-forseeable situations. So, please, avoid a "sudo ./ubuntu-install.sh" or similar. Would it still be necessary to install dselect if the "dselect install" command was changed to "apt-get dselect-upgrade"? However, that would still suffer from ubuntu's multiarch bug. Can we bulk-edit the package selections another way? I've not yet found one. Worst case, could we use a script that suggests the right "apt-get install ..." command? Is there a flaw in that I'm not seeing? Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/