Package request: RustDesk

[MechDR]

Package name

rustdesk

Package homepage

https://github.com/rustdesk/rustdesk

Description

An open source remote desktop application similar to AnyDesk in look and feel, as well as simplicity. Source is available, AGPL-3.0 licensed, so it shouldn't be a problem to port it to Void Linux.

Does the requested package meet the package requirements?

System, Compiled, Required

Is the requested package released?

Yes

[notramo]

Keep in mind that RustDesk decrypts the stream on the server. I don't know the exact link to the issue, but if you want to do the research, start with F-Droid repo issue about anti-feature. There is an issue in the RustDesk repo, but the discussion is written with CJK characters, so translation is needed.

[MechDR]

@notramo Link to the issue? I can't seem to find it.

[notramo]

https://forum.f-droid.org/t/known-vuln-rustdesk/18793 This links to https://github.com/rustdesk/rustdesk/issues/225 Even the comments in the code are written in CJK.

Also, a quick search to "rustdesk encryption issue" helped me to find this: https://github.com/rustdesk/rustdesk/issues/451 The devs doesn't seem to be transparent enough about this issue. They just said to “upgrade to fix it”. They didn't provide a possible reason for the issue. That's not how security vulnerabilities are managed. The lack of explanation makes one think that it was an intentional backdoor, which got noticed, and they simply removed it in the next release.

There are not enough people to keep an eye on the project, which would be necessary, given their track record. It's worth adding an installation warning to the package if it will be packaged in Void Linux. I would personally recommend not packaging it at all.

[MechDR]

Well, it's open source, one can always make a fork and fix the issue, while still making the client/servers backwards compatible, so that the fork can also connect to the free servers.

To be honest, I would still use it. I use it for mostly home stuff, some remote assistance, but I'm far from paranoid. It solves an issue many people have been having with AnyDesk, like no new builds for Linux x86 (the current builds still work, but no one knows for how long), and since AnyDesk is not open source, it may suffer from similar issues, but we have no idea, since the source is not available.

If it doesn't make it in the repo, so be it, I would probably make the template myself and make a new repo on my GH. I understand the concern for security, but people have real world problems that need cheap or free solutions ASAP. I have 4 headless RPis and 2 headless rigs (a NAS and an encoder). I might set up a local RustDesk server on one of them, for my personal needs, but if I only had the 2 headless rigs, then no, probably not, I would just use the free servers. Not to mention that one of the Pi's is involved in a robot project that I sometimes test on the field and I can't bring the RustDesk server every time I test outside, that's just impractical, so yes, in that case, I'll use the free servers (shrug).

[superiums]

is there any good alternative solution ?

[notramo]

You could try VNC with Yggdrasil Network. Just keep in mind that the encryption in Yggdrasil is in alpha, so use SSH or some VNC encryption protocols.

[MechDR]

@superiums Not as simple to use as AnyDesk or RustDesk, no... at least none that I know of.

[notramo]

If you want to use simple solution then I recommend Microsoft™ Windows™ built-in remote desktop, Chrome Remote Desktop, TeamViewer, or AnyDesk. Also, if you want to use a simple solution, I don't recommend Void Linux at all. This distro is not meant for users who want simple solution. It's made for tinkerers.

[liberodark]

Hi,

Can you add this software on repository.

Best Regards

[MechDR]

I never managed to build it from source and the Void team doesn't like the fact that it has some security issues. I used to use repacked binaries from the official releases, but then I switched to HopToDesk (the servers are a lot faster), and then switched back to AnyDesk, so I don't actually use RustDesk or the fork (HopToDesk) any more.