I didn’t say it was more secure, I said it’s about the same.

You said automation breeds laziness (by design, to an extent) and lazy end users tend to shoot themselves in the foot.

So, my question is : what part of automating download of DEBs from a specific source can be shooting oneself in the foot compared to doing the same thing manually every time ?

you should legally protect yourself

The MIT license will take care of that.

Also, to force the user to accept and acknowledge that the software they are installing using this tool is not verified to be safe is inducing fear and/or guilt, therefore is bad UX, I’m not doing that.

You understand perfectly.

How is the manual step more secure though ?

What does the user do before downloading a DEB that makes that gap between manual and automated ?

I’d be willing to try and reproduce that, but I don’t see anything.

It doesn’t, that’s provided by Cortile.

My point is that I’m working a solution for end users.

The solutions you’re offering are not user-friendly.

I don’t care.

I’m and end user working for end users.

Which isn’t user-friendly.

Well, I’m just automating what people currently have to do manually : visit GitHub and download DEB and install DEB.

If the automated process would be dangerous then the manual process also would be, and that would be on the maintainer for not providing an APT repository or a Flatpak, not on the user for just downloading from GitHub.

Why the OOP structure and syntax ? Sorry but it makes it difficult to read for me even in my own language 😅

I didn’t know there was one, that’s interesting, thanks.

Updates must still be delayed because of being third-party though.

I’d be willing to implement additional features for people who are extra careful about security.

Could you please explain what does this consist in ?

Thanks

Discord not automating downloads of DEBs is one of the reasons motivating me to do this.

Personally I need the desktop client because I mod it with plugins that are so useful that I can’t do without these anymore.

Alternatively, there are third-party repositories here and here.

There still is delay between Discord releases and repository updates so I still believe dynapt to be the better solution.

Thanks !

Thanks, and agreed !

Fortunately, copy/pasting works and you only have to do it once.

Yeah, I don’t have the skill for this. I’d be very happy if someone else would make this, but if not then I’m sticking to HTTP.

In an APT package OMG 😂

I found an online version though, which I would never have found through my search engine (and on a site that doesn’t even support HTTPS) 😅

Looks like difficult reading too 😭

Thanks anyway.

Sorry to ask

Don’t be. I would love to know that an existing and more experienced program does what mine does.

I’ve been looking for it myself for a long time before deciding to build it.

isn’t this basically the same thing as apt-cacher-ng?

Here’s what I’m reading :

Apt-Cache-ng is A caching proxy. Specialized for package files from Linux distributors, primarily for Debian (and Debian based) distributions but not limited to those.

A caching proxy have the following benefits:

• Lower latency
• Reduce WAN traffic
• Higher speed for cached contents

+------------+         +------------+        +------------+
| Apt Client |  <------+ Apt Cache  | <------+ Apt Mirror |
+------------+         +------------+        +------------+

So, not the same thing.

It locally mirrors existing repositories containing existing packages, it doesn’t locally create a new repository for new packages from standalone DEBs.

I don’t know anything about RPMs, but if you or anyone is familiar with it then perhaps !

local repo with file:// scheme

With that, I couldn’t trigger a download when apt update is ran, I could only do a cron, i.e. a delay, that I do not want.

custom apt-transport

I thought about that, but found no documentation on how to do it. If you have any, I’m interested.

Even just finding documentation on how to generate DEBs and APT repository metadata files was very hard.