There are several ways to install an application in Ubuntu:

- You can download a source tarball (generally a `.tar.gz` or a `.tar.bz2` file) and install it manually. (See How do I install a .tar.gz (or .tar.bz2) file?)
- You can download a `.deb` file and install it manually, using `dpkg` or the Software Centre.
- You can search for the application in the Ubuntu Software Centre and install it there, or use `apt` with the official Ubuntu repositories.
- You can find a PPA or a third-party repo, and install it from there.

What are the pros and cons of each method? Please discuss security implications, frequency of updates and program reliability of each method in your answer.

Best Answer

`dpkg`, unless you use `checkinstall` to temporarily convert it to a Debian package. With this, you do risk breaking `dpkg`. Even if the code is open-source, unless you make sure it hasn't been changed, you should still download it from a trusted site. You can install multiple versions of software, as long as it uses different directories. You can override this in the makefile.

`sudo dpkg -i file.deb`, dependencies must be installed first. When installed this way, you won't get updates unless the package is also in the repositories, but this package will satisfy dependencies requiring this software. It will also most likely give this package a menu entry or at least register manpages. Debian packages usually are tested with Lintian, which makes sure packages meet or exceed a set of standards that can be quite stringent, going as far as whether certain files have any executable code or not. Multiple versions of the same package cannot be installed. A badly made package can fail to install, fail to remove, or even break `dpkg`, leading to difficult repairs, frantic searches for backups, or even a reinstall if the problem is serious.

`apt` is the best option when possible. Dependencies will be automatically fetched and installed, and packages are built using reliable build server configurations at Launchpad, minimizing failures. Packages can be searched through `aptitude` or other such tools, and updates will be easily facilitated via the update manager. Since dependencies also come from `apt`, the package is more likely to interact with dependencies properly. Packages are tested via Lintian as with debs, but the testing, combined with highly stable build servers, makes for even more stable packages. Since the packages pass through Ubuntu's build servers, most likely they will be tweaked to integrate with the rest of the OS. Multiple versions of the same package cannot be installed. Since Ubuntu's build servers are used for PPAs, there is less chance you'll break `apt` due to auto-Lintianing.

`apt`, packages will be updated very easily. Updates are consolidated in one place, the update manager, and are done automatically or semi-automatically. Unless you are on an alpha or beta of Ubuntu, you will be using well-tested versions, even if they are a version or two behind the current upstream source. Security updates will be pushed as soon as they are lightly tested to make sure they don't make the situation even worse. This means that your security will be protected with timely updates, but these updates will be checked to avoid data loss.

`dpkg` will not allow a Debian package to overwrite the files of another, so a malicious deb can't destroy `init` or mess with `bash` by overwriting it. You should always trust the website and the author of the package.

`apt` uses signed keys for repositories, so they can't be mangled without a red flag coming up. PPA uploads are digitally signed so non-owners of the PPA cannot put up broken or unsafe packages. The no-overwrite for files of another package is also enforced. Of course, you should trust the PPA or repository owner, as unchecked packages with malicious code will execute upon being run.