MPloppy
MModular
•Created by MPloppy on 9/11/2023 in #questions
Why the crappy system-breaking script for installation?
I know this has been a theme for years now: instead of providing a tarball and documentation, most "apps" nowadays provide a script that does horrible things on your system unless it's ran in a container... and even then...
But I would have expected much better from this. Mojo should be installable as non-root and without using a script and repo setup should be more standard.
Yes, there are manual instructions (telling users to use curl as root, which is a big no-no) and putting data (gpg keys) in a location that belongs to the package manager (/usr/share) yet is not tracked by the package manager (that key should be under /run or /etc depending on how long it is kept around,).
So while I do really commend the fact that you got this almost right, getting to a system where the modular sdk is installed and updated by the package manager, the ways provided to get there are atrocious.
Please provide a signed tarball and minimal documentation for non-root installs, change /usr/share/keyrings/... -> /etc/keyrings/... and just tell people which repositories to add on the (custom page) website instead of having them run curl for no reason (and as root).
You already spell out a 6-line custom "manual installation" script, it wouldn't have been much harder to tell people to install apt-transport-https and show the verbatim content of the files you tell people to curl telling them where to paste them.
I understand you want to be as foolproof as possible (and as such, I'm not suggesting removing the "manual installation" part or make that exact thing a script) but please just make it easy and secure for non-fools too. And stop with the overcomplicated script madness: you support Ubuntu 20.04. You might have rpm repos, just document how to cleanly use it then. It's fine.
10 replies