TEIC / TEI-apt-repo

Script for creating and updating the TEI Debian packages repository
https://packages.tei-c.org/deb/

apply less frightening wording on index page #1

Open peterstadler opened 2 years ago

peterstadler commented 2 years ago

As Dominique Meeùs pointed out on TEI-L, people might be scared by the phrase "This is a set of unofficial, unguaranteed, Debian packages… If you don't know what they are for, don't touch them". https://github.com/TEIC/TEI-apt-repo/blob/e39ca11162d98ee82f84e79ba1d7c3e198803bdc/index.tmpl#L10-L14

It's probably safe to simply remove this disclaimer, but we should additionally provide some more information about the packages themselves.

lb42 commented 2 years ago

That phrase has long been a reminder of Sebastian's cautious approach. A bit of history disappears when you remove it.

peterstadler commented 2 years ago

> That phrase has long been a reminder of Sebastian's cautious approach. A bit of history disappears when you remove it.

Yes, that's true. And I'm always really shy in overwriting his traces because I like those references! Yet I think this is a valid request and the current Debian packages of the TEI Guidelines, sources, and stylesheets are in no way unofficial nor unguaranteed.

sydb commented 2 years ago

I agree completely that the severity of this warning needs to be toned down. That said, the presumption OP (Dominique Meeùs) makes is incorrect:

> Does one need “a bent for experimentation” to take the risk to install packages with text only, no binaries? Could this compromise the system?

There is quite a bit of binary code in there. E.g., 40 .js files in tei-p5-doc_4.4.0_all.deb, and a dozen .jar files in tei-xsl_7.53.0_all.deb. There is even a .java file somewhere. (And, of course, just running XSLT or XQuery can present a security risk.) Now, the vast majority of those executable files are simply taken from other, well-established packages that provide security updates as needed. (Which, I hope, we apply.) But the point is, we cannot just say “no risk here”.
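
The check behind sydb's numbers is a content listing of the .deb, which is what `dpkg-deb --contents` prints. The script below is an added example, not code from the TEI-apt-repo project: it builds a small, constructed .deb in memory (the package name and file paths are invented and are not taken from any real TEI package), reads it back the way dpkg would, and counts the members whose extension marks them as executable or interpretable content. The `CODE_EXTENSIONS` set is an assumed list for the demo.

```python
"""Inspect a .deb for members that are code rather than plain text.

Added example, not part of the TEI-apt-repo project. A binary .deb is an
`ar` archive holding `debian-binary`, `control.tar.*` and `data.tar.*`;
the member list of data.tar is what `dpkg-deb --contents` prints.
"""
import io
import tarfile
from collections import Counter

# Assumed list of extensions that indicate executable/interpretable content.
CODE_EXTENSIONS = {".js", ".jar", ".java", ".class", ".py", ".sh", ".pl", ".so"}


def ar_pack(members):
    """Build an `ar` archive (GNU-style names with trailing '/') from (name, bytes) pairs."""
    out = bytearray(b"!<arch>\n")
    for name, data in members:
        # 60-byte header: name(16) mtime(12) uid(6) gid(6) mode(8) size(10) magic(2)
        header = (
            f"{name + '/':<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
        ).encode("ascii")
        assert len(header) == 60
        out += header + data
        if len(data) % 2:  # members start at even offsets
            out += b"\n"
    return bytes(out)


def ar_members(blob):
    """Yield (name, bytes) for each member of an `ar` archive."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar header")
        name = hdr[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(hdr[48:58].decode("ascii").strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)


def tar_bytes(files):
    """Build a gzipped tar from {path: bytes}; paths get the './' prefix dpkg uses."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(name="./" + path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_deb(data_files, control_text):
    """Assemble a minimal binary .deb (constructed, for the demo only)."""
    return ar_pack([
        ("debian-binary", b"2.0\n"),
        ("control.tar.gz", tar_bytes({"control": control_text.encode()})),
        ("data.tar.gz", tar_bytes(data_files)),
    ])


def deb_contents(blob):
    """Return the regular-file paths in data.tar.*, like `dpkg-deb --contents`."""
    for name, data in ar_members(blob):
        if name.startswith("data.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
                return [m.name for m in tf.getmembers() if m.isfile()]
    raise ValueError("no data.tar member in package")


def classify(paths):
    """Count members per extension and list the ones that are code."""
    ext_counts = Counter()
    code = []
    for p in paths:
        dot = p.rfind(".")
        ext = p[dot:].lower() if dot > p.rfind("/") else ""
        ext_counts[ext] += 1
        if ext in CODE_EXTENSIONS:
            code.append(p)
    return ext_counts, code


# Constructed sample package: invented paths, not a real TEI .deb.
SAMPLE_DEB = build_deb(
    {
        "usr/share/doc/tei-p5-doc/index.html": b"<html></html>\n",
        "usr/share/doc/tei-p5-doc/js/jquery.min.js": b"/* js */\n",
        "usr/share/xml/tei/stylesheet/lib/saxon.jar": b"PK\x03\x04",
        "usr/share/xml/tei/stylesheet/common/functions.xsl": b"<xsl/>\n",
    },
    "Package: tei-p5-doc-demo\nVersion: 0.0\nArchitecture: all\n",
)

if __name__ == "__main__":
    counts, code_files = classify(deb_contents(SAMPLE_DEB))
    print(dict(counts))
    for p in code_files:
        print("code:", p)
```

Against a real package the same listing comes from `dpkg-deb --contents tei-xsl_7.53.0_all.deb`; an `Architecture: all` package is arch-independent, not code-free, which is the distinction the thread is making.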

martindholmes commented 2 years ago

I smiled a bit at "Sebastian's cautious approach". The Oxford eXist instance that ran the original Roma had no admin password for years. :-)

peterstadler commented 2 years ago

@sydb is quite right in his analysis, and in general there is probably no such thing as error-free software. Yet we don't warn our users against downloading the release artifacts from GitHub or SourceForge (which provide the same software as our Debian packages).

I believe this warning was introduced for packages like rnv, tei-emacs, etc. that we don't provide anymore (see https://web.archive.org/web/20171216015935/http://tei.oucs.ox.ac.uk/teideb/).

BTW, https://wiki.tei-c.org/index.php/TEIDebian would need to be updated as well

lb42 commented 2 years ago

Well, yes, @martindholmes, Sebastian was only cautious when he thought it necessary. I am guessing that he felt it more advisable when dealing with the terrifying people who ran Debian in those distant days than when setting up a new toy on a machine in his own backyard. But in any case, I can see the wisdom of making the proposed change to the wording.

sydb commented 2 years ago

Right, @peterstadler. I am not suggesting we need much, if any, “scary binary stuff here” warning. Only suggesting we should not say “no worries, this is just text, it can’t do anything.”