bennuttall
commented
11 years ago Thanks, we'll look in to it
Open jdchristensen opened 11 years ago
bennuttall
commented
11 years ago Thanks, we'll look in to it
cymplecy
commented
10 years ago Sorry for the delay in getting back to you. I appreciate what you are saying and of course in a proper system with security issues then your way is much better.
But this is intended to minimise the effort needed to get the program to its target audience of teachers and young scratchers showing their teachers how to do it, not uber-geeks who parse installers before using them :)
But I'll be more careful when I write my nuclear power station controller in Haskell :)
Simon
Running a downloaded shell script, which extracts another shell script and runs it, is a security risk. It would be better to package this up as a simple tar and/or zip file that the user must untar and then run the installer script inside. That gives the user a chance to look at that file before executing it.
The startup script that is currently created using echo commands should simply be included in the tar/zip file too.
I understand that you want installation to be as simple as possible, but this method teaches beginners bad habits, and puts off experienced people who might want to try it and even help with development. (I personally manually stripped out the tar file and unpacked it so I could view the installer script, but that is more work than one should have to do to try something out.)
[Thanks for a very cool program, of course!]