Open peterstadler opened 2 years ago
That phrase has long been a reminder of Sebastian's cautious approach. A bit of history disappears when you remove it.
Yes, that's true. And I'm always really shy about overwriting his traces because I like those references! Yet I think this is a valid request and the current Debian packages of the TEI Guidelines, sources, and stylesheets are in no way unofficial nor unguaranteed.
I agree completely that the severity of this warning needs to be toned down. That said, the presumption OP (Dominique Meeùs) makes is incorrect:
Does one need “a bent for experimentation” to take the risk to install packages with text only, no binaries? Could this compromise the system?
There is quite a bit of binary code in there. E.g., 40 .js files in tei-p5-doc_4.4.0_all.deb, and a dozen .jar files in tei-xsl_7.53.0_all.deb. There is even a .java file somewhere. (And, of course, just running XSLT or XQuery can present a security risk.) Now, the vast majority of those executable files are simply taken from other, well-established packages that provide security updates as needed. (Which, I hope, we apply.) But the point is, we cannot just say “no risk here”.
I smiled a bit at "Sebastian's cautious approach". The Oxford eXist instance that ran the original Roma had no admin password for years. :-)
@sydb is quite right in his analysis and in general there is probably no such thing as error-free software. Yet we don't warn our users against downloading the release artifacts from GitHub or SourceForge (that provide the same software as our Debian packages).
I believe this warning was introduced for those packages like rnv, tei-emacs, etc. that we don't provide anymore. (See https://web.archive.org/web/20171216015935/http://tei.oucs.ox.ac.uk/teideb/)
BTW, https://wiki.tei-c.org/index.php/TEIDebian would need to be updated as well.
Well, yes, @martindholmes, Sebastian was only cautious when he thought it necessary. I am guessing that he felt it more advisable when dealing with the terrifying people who ran Debian in those distant days than when setting up a new toy on a machine in his own backyard. But in any case, I can see the wisdom of making the proposed change to the wording.
Right, @peterstadler. I am not suggesting we need much, if any, “scary binary stuff here” warning. Only suggesting we should not say “no worries, this is just text, it can’t do anything.”
As Dominique Meeùs pointed out on TEI-L, people might be scared by the phrase "This is a set of unofficial, unguaranteed, Debian packages… If you don't know what they are for, don't touch them". https://github.com/TEIC/TEI-apt-repo/blob/e39ca11162d98ee82f84e79ba1d7c3e198803bdc/index.tmpl#L10-L14
It's probably safe to simply remove this disclaimer, but we should additionally provide some more information about the packages themselves.