byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

The Wiki wrongly mentions that the version on Kali is deprecated #754

Closed elboulangero closed 1 year ago

elboulangero commented 1 year ago

Hello, I've been reading the Wiki https://wiki.porchetta.industries/getting-started/installation/installation-on-unix#apt-package-kali-linux-only and it says:

APT package Kali Linux only

Not recommended as the version on Kali is deprecated

May I kindly ask you to remove this mention? In Kali Linux, like in most distros, the packages are updated by maintainers, according to the time available. Sometimes it's up-to-date, sometimes it's not. But a general statement like "version on Kali is deprecated" doesn't make any sense.

If you insist on such warning, it should apply to packages from distributions in general, not just Kali Linux. You could make a section "Install a package from your distribution", then mention that packages provided by the distributions might not always be up-to-date, then list all the distributions that provide a package for crackmapexec (like you already do).

If I look at https://repology.org/project/crackmapexec/versions, I can see that at the moment, Kali and Pentoo provide an up-to-date package, while BlackArch's package is slightly outdated.

If there's a Git repo for your wiki, I'll be happy to submit a MR, just let me know the URL of the Git repo.

Thanks in advance!

mpgn commented 1 year ago

Hello, you're right, I've updated the Wiki to put the warning on other distros.

The reason I put the warning is that distro cannot follow up with the release, I got issues that are already fixed and it's a time killer plus people complaining about your project about something already fixed is not great for the mental and for the image of the tool.

Regards

elboulangero commented 1 year ago

Hi @mpgn, and thanks for the quick reply.

I must say the change you made is a bit unfortunate. The wording "is deprecated" is misleading. The packages are not deprecated, neither in Kali nor in any of the distributions that you list in the Wiki. It might be out of date at times, but that's very different from being deprecated. Apologies if it was not clear in my first message.

mpgn commented 1 year ago

What's your definition of 'deprecated'?

Mine is: the version is not supported anymore, no support will be provided for this version and running this version is not recommended

elboulangero commented 1 year ago

Good question. For me, deprecated is something that is on the way out. If I want to drop a functionality in a library, I mark it as deprecated, and after some time (long enough), I will remove it. The purpose of deprecation is to announce that something will be removed.

But the point is that I can only deprecate the stuff that I develop myself, I can't deprecate stuff developed by other people. For example, if my program supports X, I can "deprecate support for X", that doesn't mean X is deprecated, it's only the support for X in my program that is deprecated. Hope it makes sense...

But to be back on the topic: if you don't want people to install CME from their distro, then you can just drop all the sections for Kali/BlackArch/Pentoo in the wiki? Why mention it in the first place? Optionally, leave a note such as "We do not recommend installing from the package manager because X or Y"...

I'm from the other side of things, I'm a Kali developer, and the advice we give is pretty much the opposite, we advise our users to always install via the package manager. And the reason we do so is pretty much the same reasons you invoked above: « issues that are already fixed and it's a time killer plus people complaining about your project about something already fixed is not great for the mental and for the image of the tool ». Exactly that :)

NeffIsBack commented 1 year ago

Hi, I can absolutely see both of your points, but is there maybe another way to solve it? I agree with mpgn that it is really annoying to see the same tickets over and over again, because the bugfixes are not already pushed to the repositories. Is there maybe a way to automate the release? For example as soon as mpgn releases a new binary (e.g. the latest bug fix with a point release) the binary gets uploaded to apt (or however it works).

mpgn commented 1 year ago

I've updated the wording to avoid the word "deprecated" :)

elboulangero commented 1 year ago

For example as soon as mpgn releases a new binary (e.g. the latest bug fix with a point release) the binary gets uploaded to apt (or however it works).

Well, if it was "automatable" it would be automatic already! Updating the apt packages is rather straightforward, but needs to be done by someone (i.e. a human being), in order to have a look at the changes, update dependencies if needed, and a whole bunch of other things. It might be that unit tests won't pass with the new version, so it will require time to investigate test failures and fix them. Sometimes it can be quick, sometimes not.

And in the end it's an issue of manpower, at Kali we're a small team and we maintain many packages. If a package doesn't get updated, it's because we're busy doing other things and we didn't have time to update it. If it really takes too long, that's fine to ping us via the bugtracker of course.

elboulangero commented 1 year ago

I've updated the wording to avoid the word "deprecated" :)

@mpgn Thank you for the update. I noticed that the wording "the version on Kali" was copy/pasted as is, also for Pentoo and BlackArch. I would have said « Not recommended as the version might not be up-to-date » but anyway.

Thanks for your time on that! I'm closing the issue.

mpgn commented 1 year ago

Updated