
Add idiomatic way to install app for Linux #14498

Closed
1 task done
vitonsky opened this issue Jul 15, 2024 · 5 comments
Labels
feature [core label]

Comments

@vitonsky

Check for existing issues

  • Completed

Describe the feature

Currently, the only way to install Zed is to run random code from the internet:

image

I've just checked the https://zed.dev/docs/linux#other-ways-to-install-zed-on-linux section and I did not find any idiomatic way to install Zed on Ubuntu, like an apt repository, Flathub, Snap, or at least AppImage.

So currently I cannot install Zed, because I can't run any scripts from a random server on the internet, since it is one of the most dangerous things I may do on my machine.

It would be nice to have any idiomatic way to install your software on an Ubuntu machine. Ideally, the new way must support updates (AppImage does not, and the same goes for running from a tar archive).

If applicable, add mockups / screenshots to help present your vision of the feature

No response

@ConradIrwin
Member

Just below your screen-shot is a link that says "For other installation options and help troubleshooting read the guide".

We don't currently have plans to promote a different primary installation mechanism, as this one works the most reliably for the most users. Once we get to a point where a majority of Linux users can install via their system's package managers (which is a long road to travel), we will likely switch to recommending that instead (as this can help us ensure that the dependencies we need are available).

If you'd like to help with that effort, see https://zed.dev/docs/development/linux#notes-for-packaging-zed.

@vitonsky
Author

@ConradIrwin it seems this decision kills Zed for all Linux users who care about security and control over software, and leaves Zed for Linux users who never write code and don't know about the mentioned threats.

To me it looks like Zed missed who its audience is, or Zed's goal is to inject malware 😉

@apricotbucket28
Contributor

Can't you save the install script and read it before executing it?

curl https://zed.dev/install.sh > zed_install.sh
cat ./zed_install.sh
# If it's okay, run the install script (the saved file is not marked executable, so pass it to sh).
sh ./zed_install.sh

IMO an install script is no worse than a binary. In fact, it's actually better since you can read what it's doing (unlike binary code, unless you compile it yourself).

Also, there are many packages already 🙂
https://zed.dev/docs/linux#installing-via-a-package-manager
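An added example, not part of the comment above and not Zed's own tooling: the save-then-read approach extended so that `sh` only ever runs the exact bytes that were reviewed, and a later re-download can be compared against the reviewed copy. The function names and the `.sha256` pin file are assumptions of this example.

```shell
#!/bin/sh
# Run an installer only if it is byte-identical to the copy that was reviewed.
# Function names and the "<file>.sha256" pin layout are hypothetical.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# After reading the script, record its hash next to it.
pin_reviewed() {
    sha256_of "$1" > "$1.sha256"
}

# Return 0 only if the file still matches the recorded hash;
# return 2 if nothing was ever pinned for it.
matches_pin() {
    [ -f "$1.sha256" ] || return 2
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# Run the script with sh, but only if it matches the pin.
run_reviewed() {
    if matches_pin "$1"; then
        sh "$1"
    else
        echo "refusing to run $1: not the reviewed copy" >&2
        return 1
    fi
}

# Typical use (network step left as a comment so the block runs offline):
#   curl -f https://zed.dev/install.sh -o zed_install.sh
#   less zed_install.sh && pin_reviewed zed_install.sh
#   run_reviewed zed_install.sh
```

If the script is fetched again later and `matches_pin` fails, the content has changed since the review and needs to be read again before it is pinned.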

@vitonsky
Author

> Can't you save the install script and read it before executing it?

Sure, but here are a few problems:

  • Actually, nobody will read your script to understand it before installing. With package managers this problem will be solved, since we may trust our repository, but not you. If you hack users, all artifacts will be preserved in the repository, so we will send a report to the police, then investigate the logs, and when the malware author is arrested, we will have all the necessary proof against him.
  • We can't update the software. Even if you add an update script like https://zed.dev/update.sh, we will return to the previous bullet point.

> Also, there are many packages already 🙂
> https://zed.dev/docs/linux#installing-via-a-package-manager

Exactly, the only problem we have right now is that no options for Ubuntu are present.

All we need to resolve this security problem, and to make Zed available for Ubuntu users who care about security, is to add Zed to a custom PPT/Snapcraft/Flathub.

Let's fix it

@apricotbucket28
Contributor

> Actually, nobody will read your script to understand it before installing

Well, it's up to you if you want to read it. The script is just a normal shell script which anyone can read. You can also install a malicious .deb file without checking the scripts it runs first.

> With package managers this problem will be solved since we may trust our repository, but not you.

That's just shifting trust from one party to another. You should probably ask your distro to package Zed then (or possibly contribute to it!)

> If you hack users, all artifacts will be preserved in the repository.

Yeah, that's a valid point as long as you trust the repository.

> ...so we will send a report to the police, then investigate the logs, and when the malware author is arrested, we will have all the necessary proof against him.

Nothing is preventing you from doing that with the current method though? If Zed were to distribute malware, you'd be able to make a pretty big lawsuit... The proof would also be on the computers of everyone affected. And, to counterpoint what you said, a malicious repository could easily rewrite history.

> Exactly, the only problem we have right now is that no options for Ubuntu are present.

I agree, it'd be great if there were more packages for Zed, especially for Ubuntu considering it's the most popular distro 🙂
Like @ConradIrwin mentioned, there's already a page dedicated to packaging Zed and they're welcoming new packages

> All we need to resolve this security problem, and to make Zed available for Ubuntu users who care about security, is to add Zed to a custom PPT/Snapcraft/Flathub.

I assume by PPT you meant PPA, which are user-created and not checked by Ubuntu developers. It still may be better than the install script since it's basically a build server (and you can review how it builds Zed) but you still need to trust the creator of the package.

I wouldn't like a Snap package, but a Flatpak would be really nice!
