davix-isobuild

Data Analysis and Visualization Linux Toolset - creating an ISO build script so that DAVIX doesn't have to be distributed as a VMDK but as a live CD

  • Things to note: · b9431521
    Brad Cable authored
    1)
    'insatll' typos fixed.
    
    2)
    Google Code is about to be discontinued and will no longer be
    available by January 25th, so a different source for seedsofcontempt
    would be required.
    
    You could just hit the "Export to GitHub" link yourself and host it in
    case they don't do it in time or have abandoned the project.
    
    http://google-opensource.blogspot.com/2015/03/farewell-to-google-code.html
    
    3)
    I'm attempting to convert these "http" and "ftp" links to "https".  It
    is really important that Linux distributions in particular don't download
    raw code from the internet in a vulnerable way and compile or execute it
    (in the case of Cytoscape, you actually execute the code locally
    voluntarily!).
    
    If for instance, any of these connections were to be tampered with
    during ISO creation, you could be distributing malicious code to many
    people without anyone realizing it.
    
    It's in general not a good idea to download anything, even over HTTPS,
    and execute it, though.  Some of these repositories get hacked and
    distribute malicious code.  The most important example I can remember
    was in the late 90s when Slackware's repository was hacked and was
    serving malicious packages for months without people knowing it.  This
    led to the cryptographic signing revolution and the true package
    management for distributions.
    
    Even Microsoft is aware of this and is attempting to change this
    methodology with the Windows Store.  It's mostly an attempt to resolve
    the excessive software malware on Windows, but it's being fought so hard
    by everyone who loves downloading EXEs and MSIs all the time.  It's
    extremely bad practice and unless we want Linux to become the mess of a
    platform that Windows is we shouldn't bastardize the package management
    system.
    
    The obvious "real" solution is to create full Debian packages out of
    these pieces of software (that's the point of having a community Linux
    like that), but that's a huge undertaking unfortunately.  Debian should
    find a way to get package maintainers better tools.
    
    That being said, HTTPS is okay for now.  This doesn't fix all the links.
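
The concern raised in point 3 of the commit message, as an added example that is not part of the davix-isobuild repository: list the cleartext `http`/`ftp` fetches in a build script, and accept a download only over HTTPS and only when it matches a pinned SHA-256 (the pin stands in here for the package signing the message mentions). Function names, URLs and sample lines are constructed; `curl`, GNU `grep` and coreutils `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example; names and sample data are hypothetical.

# Print every cleartext http:// or ftp:// URL in a script as "line:url".
insecure_urls() {
    grep -noE '\<(http|ftp)://[^[:space:]"<>)]+' "$1"
}

# Succeed only if the file's SHA-256 equals the pinned hex digest.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Download url to out; refuse anything that is not HTTPS end to end,
# and delete the artifact if it does not match the pinned digest.
fetch_pinned() {
    url=$1 out=$2 pin=$3
    case $url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' -o "$out" "$url" || return 3
    if ! verify_sha256 "$out" "$pin"; then
        rm -f "$out"
        echo "checksum mismatch for $url" >&2
        return 4
    fi
}

# Constructed sample of build-script lines (not taken from the repository).
sample=$(mktemp)
cat > "$sample" <<'EOF'
wget http://downloads.example.org/tool-1.0.tar.gz
curl -O https://downloads.example.org/lib-2.0.tar.gz
wget ftp://ftp.example.org/pub/viewer.zip
EOF
insecure_urls "$sample"   # reports lines 1 and 3, not the https line
rm -f "$sample"
```

The pinned digest has to be recorded from a copy obtained and checked independently of the build, otherwise it only confirms that the same bytes were served twice.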
Name
install
logos
tools/inav
.gitignore