this post was submitted on 25 Jun 2024
174 points (95.8% liked)
Linux
48287 readers
637 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
...
EDIT:
Appimagelauncher, gearlever, AM, etc. Which is the same as a install wizard since it integrates the appimage into the system. AppImages do not need to be extracted into the system which is what windows install wizards do.
Appimages came before these tools, and the tools (forgot the name GearLever, AppimagePool is another one) came afterwards.
They are structurally better as they are external.
That verification is interesting. So it is another appimage, used to verify appimages? Are all Appimages using that, if not what percentage of the ones you know? And are tools like Gearlever enforcing or using that signature check?
Usually if the appimage has a github release with a zsync you have that verification.
I don't use gearlever, as far as I know gearlever doesn't even let you sandbox the appimage like AM does. I don't think any of those forces signature verification besides AppImageUpdateTool and that's because that's part of the zsync update process.
Interesting, will look into this. The issue is of course that these tools are optional.
But if they work, they may fix nearly many issues. Some will remain, for example many proprietary apps dont use Github releases, while these may be especially targets of fakes.