Automatix | Was: Dapper: Automatix and screen config problem

Thilo Six T.Six at gmx.de
Sun Jun 4 10:41:38 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Rajiv Vyas wrote the following on 03.06.2006 21:59:
> Today I downloaded Automatix....

<snip>

> Thanks,
> 
> Rajiv

Regarding "Automatix" here is a copy of a mail from a Ubuntu Developer
about it:
=======================================================================

'Forum Post wrote: (I suspect this was someone who calls himself 'arnieboy')
>>>> >> > > its not just a  great idea, its also a superb
implementation. It has
>>>> >> > > single-handedly drawn hundreds of thousands of windows users to
>>>> >> > > Ubuntu.
>>>> >> > >
>>>> >> > > It has had bugs (still probably has a few) and they have
been ironed
>>>> >> > > out when I have been approached in an appropriate manner.
>>>> >> > >
>>>> >> > > I will not attempt to give you any links except one. If you
really wish
>>>> >> > > to know more, explore this thread:
>>>> >> > >
>>>> >> > > http://ubuntuforums.org/showthread.php?t=138405

Ok, I took a look at this package in order to check what automatix is
technically about:
http://beerorkid.com/automatix/automatix_5.7-3_i386.deb

First of all, I don't see a source package. This means that no one else
than you can easily modify it. Since I assume that you licence the
package under the same licence as your script, the GPL, you are REQUIRED
to provide a source package, which was not linked from the 'download'
site (here, ubuntuforums.org).

The binary package itself violates our packaging policy in several
severe ways. First of all, there is no
/usr/share/doc/automatix/copyright. Second, it installs its stuff in
/usr/local/. This is broken in several ways. On some machines,
/usr/local/ might be nfs mounted without write access for the root user.
This makes the package uninstallable. Another thing is that no other
package installs stuff there. This means dpkg will happily remove
/usr/local on removal of automatx.

I didn't get why the package distributes an empty file
/usr/local/automatix/install.log, seems quite pointless to me.

All the main work seems to be done by the script /usr/local/automatix.
There is a heap of stuff in /usr/local/automatix/conf, which could be
easiliy integrated into our packages, if bugs where filed and this files
where attached. Sadly, you didn't choose to go that way, causing even
more work for us developers.

Automatix looks to me as a severe security risk. In function
'repositories', the following keys are added by apt-key without even
checking of the corresponding/expected fingerprints: 437D05B5, DD4D5088,
70188C3B. there is absolutely NO explanation to the user why this should
be safe, nor why he should trust those keys. The main reason for this
seems to me to deactive apt security checks. VERY BAD!

Almost all packages are installed using '--assume-yes' instead of
'--force-all' or '--force-depends'. While this is an improvement, in
case of dependencies trouble due to external repositories, which
automatix adds, the user is left alone when dependency trouble arrises.
I don't see you provide some sort of support/bug reporting interface,
(e.g. malone, or any other bugtracker), so that I have to assume that
you leave your users in the cold in case of problems.

Several configuration files are written over the local config like here:

sudo cp -rf /usr/local/automatix/conf/timidity.cfg
/etc/timidity/timidity.cfg
sudo cp -rf /usr/local/automatix/conf/timidity /etc/init.d/timidity
sudo cp -rf /usr/local/automatix/conf/def_timidity /etc/default/timidity

Besides being clumsy, this will cause unwanted dpkg prompts due to
conffile changes when upgrading to dapper, which I don't expect your
target audience to be able to solve. Again, you leave your users in the
cold.

the installation of java 1.5 is, well, questionable. Why don't you offer
your users to use java1.4 by installing the package j2sdk1.4 from
universe and get browser plugin installation for free? The way you
implement the installation violates Sun Microsystems redistribution
terms. (again, something you don't seem to care)

I get tired listing other faults and design errors in automatix.

Now, given this list of techical problems (espc. the security
breaches!), please tell me again whats so 'superb' about your
implementation? (just to quote YOUR words)


>>>> >> > > If you do not have the time or patience, then just give up
and stop
>>>> >> > > reading further.

I think I have proven that I have some patience in going through your
script.

>>>> >> > > Automatix is a supreme culmination of one man's efforts
combined with
>>>> >> > > the never-ending enthusiasm of the community to make a linux
>>>> >> > > distribution truly usable to the masses.

While your intentions are honorable, the implementation has severe
design issues. I suggest working together with others to solve the
problems you intended to solve.

Currently I see that users of automatix will have a bad time upgrading
to the Ubuntu 6.06, and we, the ubuntu developers, cannot support them.

>>>> >> > > I have clearly mentioned that I will not support Automatix
for Dapper
>>>> >> > > because of paucity of time and I have also expressed the
interest to
>>>> >> > > transfer the much sought after copyright of Automatix to
responsible
>>>> >> > > hands. Even as I speak, atleast 10 guys are voting every
hour on the
>>>> >> > > main Automatix thread that they took up Ubuntu solely because of
>>>> >> > > Automatix. You guys can keep ranting and flaming me down for no
really
>>>> >> > > good and well-informed reason.. but trust me.. whatever I have
done in
>>>> >> > > my time constraints.. very few have achieved.

Does this mean that you don't intend to adapt your work for use with
Ubuntu 6.06? Will you at least provide some mechanism so that your users
can safely upgrade from an breezy+automatix install? You could look at
the system-upgrader Michael Vogt has written. Perhaps you can extend it
to repair at least some systems broken by automatix.

In case that 'arniboy' (I don't have his real name, he doesn't seem to
provide any email adress) doesn't read this, could please somebody
forward him this email? My contact address are in the Headers of this
email.

Greetings,
	Reinhard

=======================================================================




Better use "easyubuntu":
- ----------------------------------------------------------------------
I would suggest against Automatix; please see the EasyUbuntu project
instead. Automatix uses dangerous techniques; this is a recognised fact
among many Ubuntu developers and members.

Please see:
http://nalioth.hostdestroyer.com/comparison.html

I am also not a fan of the writer of this program.

 - Yuki.
- ----------------------------------------------------------------------




bye Thilo
- --
i am on Ubuntu 2.6 KDE
- - some friend of mine

gpg key: Ox4A411E09

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEgrjggkdHiUpBHgkRA8iAAKDhzC9lCfqE1G20854ju+/4MGSlyQCgn48H
n4lSa3b5fB1d9IT0N7mNfOk=
=Zj3U
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list