no crapware please

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Install the newest version of IZArc with npackd

What is the expected output? What do you see instead?
I would expect that it only installs IZArc, and none of the crapware : browser 
bar, changing default search engine, system optimizer ...

What version of the product are you using? On what operating system?
Windows7

Please provide any additional information below.
http://blog.ulrichard.ch/?p=1071

Maybe some review process is needed to ensure that crap like this doesn't make 
it into the repository. This could never happen on debian.

Original issue reported on code.google.com by richi...@gmail.com on 12 Sep 2013 at 8:49

[GoogleCodeExporter]

re. your blog post:
1. it would be nice to know what you mean exactly by "still a decade short of 
the debian system"
2. Npackd, not NpackD. It is not a daemon.
3. you can select multiple packages and press "Update"
4. "I don’t know what is the reason that upgrades in npackd frequently fail." 
=> please file issues

Original comment by tim.lebe...@gmail.com on 14 Sep 2013 at 11:06

• Changed state: Accepted
• Added labels: Milestone-End_Of_Month

[GoogleCodeExporter]

it seems there is no was to disable crapware installation. There will be a 
warning: https://npackd.appspot.com/p/org.izarc.IZArc

Original comment by tim.lebe...@gmail.com on 14 Sep 2013 at 11:24

[GoogleCodeExporter]

no *way*

Original comment by tim.lebe...@gmail.com on 14 Sep 2013 at 11:26

[GoogleCodeExporter]

I didn't want to offend you. 
I'm actually very grateful for the great product.
I updated my blog post to include some more details.

1. With decade short I mean by comparing the whole system. Npackd is just one 
part, just like apt-get. Debian has strict rules, that the packages have to 
follow to ensure the integrity of the whole system. On Windows there are some 
rules, but most packages disrespect one or another. There is also no good 
system for shared libraries. Every attempt Microsoft made in the past turned 
out to be just another incarnation of dll hell. I know Npackd does dependency 
management, but since the packages rarely use it, it's hard to judge to what 
extent. For example is there an equivalent to "apt-get autoremove"? Then there 
is the issue with trust. On debian, I can verify everything I install myself 
easily. And everything package is digitally signed, the binary by the build 
host and the source package by the maintainer. I didn't see any signature 
verification in Npackd. But since the packages are not certrally built, but 
linked to the binaries, I don't know if there would be a point in doing it. 
Correct me if I'm wrong.

2. I corrected the spelling in my blog post. What does the d stand for? An 
abbreviation for "unpacked"?

3. Thanks for correcting me. I updated the blog post. I probably tried that the 
last time some years ago, and didn't read the release notes since then.

4. I will file an issue when it happens the next time. The last product I can 
remember was Aptana.

Original comment by richi...@gmail.com on 16 Sep 2013 at 7:29

[GoogleCodeExporter]

I don't think the warning is enough. Most people don't read that. Especially 
not for an update. 
I would remove IZArc from the repository, until they provide a clean installer. 
I assume there are other products in the repository that can substitute for it. 

That's an issue of trust for me. So far I trusted the Npackd repository not to 
hijack my computer. If I have to worry for every package I install, or worse 
for every package I update, I cannot trust the repository any more.

Original comment by richi...@gmail.com on 16 Sep 2013 at 7:33

[GoogleCodeExporter]

no offense taken.

1. there is nothing similar to "apt-get autoremove" yet. There is also no 
signature verification by Npackd. Some packages are signed and Windows probably 
checks the signatures if it starts such programs.

2. Npackd should just be pronounced as "unpacked". It is not an abbreviation.

3. you're welcome

4. OK

Original comment by tim.lebe...@gmail.com on 17 Sep 2013 at 7:42

[GoogleCodeExporter]

re #5: I asked other users about crapware: 
https://groups.google.com/forum/#!topic/npackd/n-W1PzAMFgs

Original comment by tim.lebe...@gmail.com on 17 Sep 2013 at 7:45

[GoogleCodeExporter]

Original comment by tim.lebe...@gmail.com on 16 Oct 2013 at 7:49

• Changed state: FixedPleaseTest

[GoogleCodeExporter]

Original comment by tim.lebe...@gmail.com on 24 Oct 2013 at 3:48

• Changed state: Fixed

[GoogleCodeExporter]

Not sure if this is the right place to post, but it seems ImgBurn comes packed 
with OpenCandy:

http://forum.imgburn.com/index.php?/topic/21631-to-those-who-are-unhappy-about-2
580-being-bundled-with-opencandy/

My company's Trend virus scan picked it up and caused me some embarrassment 
when they phoned me to ask how I got a virus on my PC. (not that it's really a 
virus).

Original comment by igi...@gmail.com on 22 May 2014 at 10:25

[GoogleCodeExporter]

you're right: 
https://www.virustotal.com/de/file/ab5ab68b541c0de51d7e9eafe1cbe5267347c1e6edf1f
aeedc79e01fd774375e/analysis/

But 2.5.7 is OK: 
https://www.virustotal.com/de/file/3b61ce3d5d75fe4a90313741cdfa71c47ba6543fc568a
b3293ed33983ff717d8/analysis/

BTW, please file new issues if possible.

Original comment by tim.lebe...@gmail.com on 23 May 2014 at 6:35