Request for simplified instructions for downloading and installing .tar.gz applications - Ventoy
Ralf Mardorf
kde.lists at yahoo.com
Tue Aug 2 20:48:14 UTC 2022
On Tue, 2 Aug 2022 12:56:05 -0700, Tom Mitchell wrote:
>There is no easy and safe way to install a tar archive of files without
>it being sourced from a very trusted source.
Hi,
you can ask upstream to provide signed checksums. If the key is part of
a web of trust there's no issue anymore, unless you should be allergic
to binaries from upstream.
You can contact upstream, "longpanda" by https://www.ventoy.net, as
well as by https://bbs.archlinux.org/profile.php?id=133208 . The latter
requires either having a bbs.archlinux.org account or registering.
Upstream is from China, this might or might not matter. However, I build
the packages for the upstream binary for my Arch install from the AUR,
https://aur.archlinux.org/packages/ventoy-bin . It has got 201 votes
and there are no complaints related to the ventoy-bin. There's just one
comment related to binaries from upstream: "alerque commented on
2022-07-07 07:48 (UTC) (edited on 2022-07-07 07:49 (UTC) by alerque)
If anybody ever works on a ventoy package built from source and makes
any progress I would like to collaborate. Please ping me and once we
get it working reliably I'd be happy to sponsor getting it into
[community].
In the meantime thanks to those contributing to the -bin packaging.
I'm getting my mileage out of it even if begrudgingly because I dislike
blindly using upstream binaries -;)"
I never experienced an issue with the binary from upstream. However, I
was in contact with upstream and while I'm in favour of signed
checksums, I still didn't ask upstream to provide signed checksums.
Regards,
Ralf