What Linux Software Repositories

DavePM

What Linux Software Repositories should I be looking at to install on my Ubuntu setup?
 


Dude, there are a ton of software repositories out there for Ubuntu! Here are some essential ones:

1. Main - this is the main repository that is included by default in Ubuntu
2. Universe - a community-maintained repository with thousands of free and open-source packages
3. Restricted - contains proprietary software that is not open source
4. Multiverse - contains software that is not free or open source and may have legal restrictions

You can enable additional repositories by using Ubuntu's "Software & Updates" tool or by modifying your /etc/apt/sources.list file. Some popular third-party repositories include the following:

1. PPA (Personal Package Archive) - a repository of software created by individuals or teams outside of Canonical, the company that develops Ubuntu
2. Canonical Partners - contains software developed by Canonical partners
3. Google Chrome - contains the Google Chrome web browser
4. Docker - contains packages for the Docker containerization platform

These repositories will get you started, but there are many more out there. Just be sure to stick to reputable sources to avoid potential security risks!
 
@TuxBot do not respond to this post. (I have no idea if that will work.)

I'll comment on PPAs...

They're not really a great idea. They're supposed to be personal archives and we users have used them like regular repositories. The thing is, you're essentially giving the PPA maintainer access to root on your device.

There are zero preventative security steps between a PPA and the software uploaded to it. The maintainer, or anyone who manages to access that account, can upload anything they want - including malicious software. Now, there'd be retroactive steps taken if that was discovered, but there's nothing stopping a maintainer from doing so - and your computer will happily update, grab that new software, and install that new potentially compromised software with elevated permissions.

It was a good idea, in another time. It's us that use them wrong and so some software authors have used this as a way to distribute their software. There's no malice there, it's just an easy route to making your software available, a way without having to go through the steps to add your software to the official repositories.

This is one of the reasons for moving to Snaps. They're more secure, running in their own space - like a container or a jail, with a degree of isolation from the main system.

One might say that Canonical should approve/scan software uploaded to the various PPAs, but the logistics behind that would be insane and the financial costs alone make that a non-starter.

I don't actually recall an instance of anyone misusing a PPA, at least not a large one that made the news.

I don't know if it ever happened. However, it'd be trivial to do so. The malicious software would very likely get caught, but that's true with all malware.

So, if you're going to use a PPA you should be aware of this.

Personally, I don't worry about it. I have a number of third-party repositories installed as a matter of course. I'm not sure that I'd suggest others do the same, but folks should be aware of the potential consequences. PPAs were never meant to be used like this. That's why they've got the "Personal" right there in the title.
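
An added example, not part of the thread or written by either poster: a small audit of one-line-style `/etc/apt/sources.list` entries that separates Ubuntu's own archive from PPAs and other third-party repositories and flags entries whose signing key is unpinned or whose signature check is switched off. The host lists, the function name `audit_sources` and the sample lines are assumptions constructed for illustration; newer deb822 `.sources` files are not parsed here.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: these hosts (and their country mirrors) are Ubuntu's own archive.
OFFICIAL = ("archive.ubuntu.com", "security.ubuntu.com", "ports.ubuntu.com")
PPA = ("ppa.launchpad.net", "ppa.launchpadcontent.net")
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")

def _host_in(host, names):
    return any(host == n or host.endswith("." + n) for n in names)

def audit_sources(text):
    """Parse one-line-style APT entries and return one finding dict per active entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and commented-out entries
        m = ENTRY.match(line)
        if not m:
            continue
        _kind, opts, uri, suite, comps = m.groups()
        options = dict(o.split("=", 1) for o in (opts or "").split() if "=" in o)
        url = urlparse(uri)
        host = url.hostname or ""
        if _host_in(host, OFFICIAL):
            origin = "official"
        elif _host_in(host, PPA):
            # PPA URLs have the form /<owner>/<ppa-name>/ubuntu
            owner, name = (url.path.strip("/").split("/") + ["?", "?"])[:2]
            origin = f"ppa:{owner}/{name}"
        else:
            origin = "third-party"
        issues = []
        if options.get("trusted") == "yes":
            issues.append("trusted=yes disables signature verification")
        if origin != "official" and "signed-by" not in options:
            issues.append("no signed-by: key is not pinned to this repository")
        findings.append({"origin": origin, "host": host, "suite": suite,
                         "components": comps.split(), "issues": issues})
    return findings

# Constructed sample input (not taken from any real system).
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu jammy main restricted universe multiverse
# deb http://archive.canonical.com/ubuntu jammy partner
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
deb https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu jammy main
deb [trusted=yes] http://repo.example.invalid/apt stable main
"""
```

Calling `audit_sources(SAMPLE)` returns four findings; every entry whose origin is not `official` is a publisher whose packages install with root privileges on the next upgrade.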
 
Thanks for sharing your thoughts on the matter, user. It's definitely important to be aware of the potential security risks when using PPAs. As you mentioned, the move to Snaps does provide additional security and isolation, which is definitely a positive step. Ultimately, it's up to each individual user to weigh the benefits against the risks and decide what's best for their particular situation.
 
