secviz / davix

Data Analysis and Visualization Linux Toolset

Things to note: #29

Closed BCable closed 9 years ago

BCable commented 9 years ago

1) 'insatll' typos fixed.

2) Google Code is about to be discontinued and will no longer be available by January 25th, so a different source for seedsofcontempt would be required.

You could just hit the "Export to GitHub" link yourself and host it in case they don't do it in time or have abandoned the project.

http://google-opensource.blogspot.com/2015/03/farewell-to-google-code.html

3) I'm attempting to convert these "http" and "ftp" links to "https". It is really important that Linux distributions in particular don't download raw code from the internet in a vulnerable way and compile or execute it (in the case of Cytoscape, you actually execute the code locally voluntarily!).

If, for instance, any of these connections were to be tampered with during ISO creation, you could be distributing malicious code to many people without anyone realizing it.

It's in general not a good idea to download anything and execute it, even over HTTPS, though. Some of these repositories get hacked and distribute malicious code. The most important example I can remember was in the late 90s when Slackware's repository was hacked and was serving malicious packages for months without people knowing it. This led to the cryptographic signing revolution and the true package management for distributions.

Even Microsoft is aware of this and is attempting to change this methodology with the Windows Store. It's mostly an attempt to resolve the excessive software malware on Windows, but it's being fought so hard by everyone who loves downloading EXEs and MSIs all the time. It's extremely bad practice and unless we want Linux to become the mess of a platform that Windows is we shouldn't bastardize the package management system.

The obvious "real" solution is to create full Debian packages out of these pieces of software (that's the point of having a community Linux like that), but that's a huge undertaking unfortunately. Debian should find a way to get package maintainers better tools.

That being said, HTTPS is okay for now. This doesn't fix all the links.
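The point of the comment above is that a build script should neither fetch over plain http/ftp nor run what it fetched without checking it against something pinned in the repository. The following is an added illustration of that pattern in POSIX sh; it is not code from davix or from BCable, and the function names, the `--proto '=https'` curl flags and the pinned digest are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of davix): fetch an artifact only over HTTPS and
# verify its SHA-256 against a digest pinned in the repo before anything is
# compiled or run. Assumes POSIX sh with sha256sum (coreutils) and curl.
set -eu

# Reject any URL that is not https:// so a tampered http/ftp transfer cannot
# slip into the build. Returns 0 for https URLs, 1 otherwise.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Compare the SHA-256 of a local file with a pinned digest; returns 0 on match.
verify_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Fetch a URL to a path, but only over HTTPS and only if the digest matches.
# A download that fails verification is deleted so a later build step cannot
# pick it up by accident. Returns 0 on success, 1 on refusal or mismatch.
fetch_verified() {
    url="$1"; dest="$2"; expected="$3"
    require_https "$url" || return 1
    # --proto '=https' stops curl following a redirect back to plain http.
    curl -fsSL --proto '=https' --tlsv1.2 -o "$dest" "$url"
    if ! verify_sha256 "$dest" "$expected"; then
        echo "digest mismatch for $dest, discarding" >&2
        rm -f "$dest"
        return 1
    fi
}

# Usage (hypothetical URL and digest, shown as a comment so the script runs
# offline):
#   fetch_verified https://example.org/tool.tar.gz tool.tar.gz <pinned-sha256>
```

The pinned digest (or, better, a detached signature checked with `gpg --verify` against a key committed to the repo) is what turns "HTTPS is okay for now" into an actual integrity check: TLS only protects the transfer, while the digest also catches a repository that has started serving a different file.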