Author Topic: [feedback] Universal linux64 binaries  (Read 3200 times)

Post producer

Re: [feedback] Universal linux64 binaries
« Reply #15 on: September 17, 2016, 08:04:07 PM »
This is too interesting to be sinking through page 5! Are you still looking for feedback? Does this approach have security implications like Windows .exe files?

eumagga0x2a

  • Moderator
Re: [feedback] Universal linux64 binaries
« Reply #16 on: September 17, 2016, 09:37:56 PM »
Does this approach have security implications like Windows .exe files?

Which security implications do Windows executables have that executables for other platforms don't? What kind of security do you actually have in mind? Linux being a minority platform already makes it very safe (except for all the usual cross-platform web browser stuff like when one webpage manages to steal another's cookies) while being rather insecure. This insecurity starts e.g. with the lack of isolation between different windows on X. Want a secure system? Do not run X on it in the first place.

The AppImage approach packages the actual application with all libraries necessary to run it, purposely decoupling them from the target system's update mechanism. This means that if a major vulnerability is disclosed in one of the supplied libraries, the AppImage as a whole must be updated, as security updates provided by the Linux distribution won't help here.

If you are concerned about the integrity of the AppImage file regarding man-in-the-middle scenarios, the usual way to give users a chance to protect themselves from this threat is to offer GPG-signed checksums (SHA256 or better). Maybe this will come one day to Avidemux too.
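
The check described in the reply above (GPG-signed SHA256 checksums), as an added example that is not part of the thread and not Avidemux's own tooling. The file names, the dedicated keyring file and the function names are assumptions; the publisher's public key has to be obtained over a separate, trusted channel, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: verify a downloaded AppImage against a signed checksum list.
# All names below are hypothetical; nothing here is published by the project.

# Step 1: verify the detached signature over the checksum list.
# gpgv accepts only keys found in the given keyring, so a signature made
# with any other key fails. A bare keyring name is looked up in the GnuPG
# home directory, so pass a path containing a slash (e.g. ./publisher.gpg).
verify_signed_sums() {
    sums="$1"; sig="$2"; keyring="$3"
    gpgv --keyring "$keyring" "$sig" "$sums"
}

# Step 2: compare the file's SHA-256 with the entry listed for it.
# Returns 0 on match, 1 on mismatch, 2 if the file is not listed at all,
# so an unlisted file can never pass silently.
check_listed_digest() {
    sums="$1"; file="$2"
    name=$(basename -- "$file")
    # sha256sum line format: "<hex>  <name>" (text) or "<hex> *<name>" (binary)
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Signature first, digest second: the checksum list is only trustworthy
# once its signature has been verified.
verify_download() {
    file="$1"; sums="$2"; sig="$3"; keyring="$4"
    verify_signed_sums "$sums" "$sig" "$keyring" \
        || { echo "BAD SIGNATURE on $sums" >&2; return 1; }
    check_listed_digest "$sums" "$file" \
        || { echo "CHECKSUM FAILURE for $file" >&2; return 1; }
    echo "OK: $file"
}

# Usage (hypothetical file names):
#   verify_download app.AppImage SHA256SUMS SHA256SUMS.sig ./publisher.gpg
```

A checksum file served from the same place as the download and without a signature only detects accidental corruption; the signature check is what addresses the man-in-the-middle case.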