0

For Google products (chrome, google talk, etc) and Dropbox on Linux, part of the install process for their packages automatically add their public key and set up their repositories in your system, so that future upgrades are easier.

My question is, is this frowned upon? Does shaving off those extra steps (download/add key, add repo file, update local repo manager) really benefit sysadmins? Is this a good or a bad practice?

user145584
  • 9
  • 1
  • In what environment? – Michael Hampton Nov 15 '12 at 00:51
  • @MichaelHampton Google and Dropbox do it for both debian/ubuntu and fedora – user145584 Nov 15 '12 at 01:01
  • 1
    I asked what environment you were in, not what distribution you were using. – Michael Hampton Nov 15 '12 at 01:02
  • My original question doesn't have a specific environment in mind. Is your answer "yes its ok" for internal test machines and "no its not ok" for production machines? – user145584 Nov 15 '12 at 01:04
  • 1
    "Good" or "bad" can only be answered for specific situations. It's a bit like ethics and morals, which vary from person to person and place to place. Only *you* can decide if it's good or bad for you and your situation. – John Gardeniers Nov 15 '12 at 03:50
  • This is really an opinion question -- there's no right answer as it depends on whether or not you care about maintaining control over the repositories your system is checking. (Personally I think it's a Bad Thing, as I don't like my systems going to random places for software -- do you trust the third-party repositories to be secure?) – voretaq7 Nov 15 '12 at 05:23

1 Answers1

1

The positive side
Without doing so, the software will never be updated. Meaning you won't get security fixes and such unless you actively seek them out. This is potentially dangerous.

The negative side
If your repo config is updated, then if you're really concerned about carefully managing your repo configuration, then you'll be upset that they had the nerve to change it.

For the average user, I'd say stick on the safe side and go the route with auto-updates.

tylerl
  • 15,055
  • 7
  • 51
  • 72