Software distributed as source code has to be compiled and built before consumers can easily install and use it. Packaging software for the various Linux distros, also known as native packaging, is the most common practice for distributing software. Another approach is to provide an installer that the user runs to set up the software.
Although an installer may seem the easier method, especially for someone new to the IT world, native packaging has advantages that cannot be neglected, and security is one of the most important. Zextras Carbonio treats security and privacy as its most important pillar, so it opts for the more secure option, i.e. native packaging. In the following, you’ll learn more about these methods, their differences, and their advantages.
Native Packaging
Package managers shipped with the operating system are a collection of tools that automate the installation, upgrade, configuration, and uninstall processes. Software developers can provide consumers with .deb, .rpm, etc. packages, each built for a specific target distro. Consumers download and install these packages using the native package manager of their distro, e.g. apt, yum, etc.
The biggest hurdle in this approach is that developers must provide a package for every distro, or at least for the most common ones such as Ubuntu and Red Hat. In return, installation, upgrades, and maintenance of the software in general become easier, since users are working with their familiar package manager.
Later we’ll see more benefits of using a native packaging method.
Standalone Installer
Installers are programs that set up software on a computer. They are divided into standalone installers and web installers: a web installer needs internet access to download the files necessary for installation, while a standalone installer uses only the files it contains.
The obvious drawback of this approach is security. Consumers need to download the installer and run it on their system, which opens the possibility of third parties luring them into downloading and running anything they want on the computer. Although this is less probable for skilled users, it is a risk tied to the design of this approach.
Comparison
Let’s take a brief look at some differences between native packaging and a standalone installer.
The installer can be standalone, including all the files you need to set up your software. With native packaging this is not necessarily the case, as you may need to download some files during the installation. The installer might be a bit simpler to use but loses the flexibility of native packaging in terms of configuration, automation, etc. Moreover, unlike native packaging, installers are not so common on Linux; they are mostly used by proprietary software with proprietary archives.
Since native packaging uses the native mechanism of the distro, we can be sure it is absolutely compatible and, by design, works without any hitches. Moreover, you can call native packaging more efficient, since for an upgrade you only download what is changed and new, while with an installer you need the whole software even if the changes are minute. Managing dependencies automatically during the installation is also very useful. Furthermore, installer archives always have some chance of corruption while decompressing.
Pros
Native Packaging
- Security
- Flexible usage
- More common
- Compatibility
- More efficient
- Granular upgrades
- Managing dependencies
- Sandboxing
Standalone Installer
- Standalone
- Works offline
- Less knowledge needed
Cons
Native Packaging
- Needs more knowledge
- Needs internet
- It’s not standalone
Standalone Installer
- Prone to compression errors
- Proprietary archives
- No granular upgrade
- Risk of third-parties
There are many more advantages to native packaging, but the most important one is security. For instance, the native package manager can install the software in a sandbox, which is intrinsically more secure, and it reduces the risk of running homebrewed scripts.
Is It Really More Secure?
Just consider third-party sources to download your next program!
To install software on Windows, users may browse the web to find the proper installer, and the risk is that the source providing it is not necessarily trustworthy. A user who doesn’t know exactly where to search could jeopardize the security of the machine by executing a virus or other malware. With this approach it is up to the user to be vigilant not to fall for these, while with native packaging the user connects directly to the source to download the software files. To put it simply, the chain of trust between users and developers never breaks, because there is a single point of trust: the centralized repository of the software.
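How that chain of trust is anchored in an APT repository, as an added example (not Zextras or Carbonio code): the signed Release file lists the hash of the Packages index, which in turn lists the hash of every .deb. The repository contents, package name and paths below are constructed sample data, and the signature check on Release is assumed to have already passed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release(text: str) -> dict:
    """Map index path -> SHA256 from the 'SHA256:' section of a Release file."""
    hashes, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, _size, path = line.split()
            hashes[path] = digest
        else:
            in_section = False
    return hashes

def parse_packages(text: str) -> dict:
    """Map Filename -> SHA256 from the stanzas of a Packages index."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        index[fields["Filename"]] = fields["SHA256"]
    return index

def verify_package(release: str, packages_path: str, packages: str,
                   filename: str, deb: bytes) -> bool:
    """Assumption: the signature on `release` was already checked against
    the distro's trusted key (the package manager does this with GPG)."""
    # Link 1: the signed Release file vouches for the Packages index.
    if parse_release(release).get(packages_path) != sha256(packages.encode()):
        return False
    # Link 2: the Packages index vouches for the downloaded .deb.
    return parse_packages(packages).get(filename) == sha256(deb)

# Constructed sample repository (hypothetical package and paths).
DEB = b"constructed package payload"
FILENAME = "pool/main/e/example/example_1.0_amd64.deb"
PACKAGES_PATH = "main/binary-amd64/Packages"
PACKAGES = (f"Package: example\nVersion: 1.0\n"
            f"Filename: {FILENAME}\nSHA256: {sha256(DEB)}\n")
RELEASE = (f"Origin: Example\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES.encode())} {len(PACKAGES)} {PACKAGES_PATH}\n")

if __name__ == "__main__":
    print(verify_package(RELEASE, PACKAGES_PATH, PACKAGES, FILENAME, DEB))
    print(verify_package(RELEASE, PACKAGES_PATH, PACKAGES, FILENAME, DEB + b"!"))
```

A swapped package fails link 2, and a rewritten Packages index fails link 1, so the only thing a user has to trust is the repository's signing key.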