Are all PPAs safe? From where do I know which PPA refers to which packages? Can adding a PPA cause any harm? Or is it that the package when downloaded will cause harm? In particular is it safe to add ppa:ubuntu-toolchain-r/test? Or is it safer to install packages from official websites?
- PPAs are Personal Package Archives so all security checks are on you to perform. No guarantee is provided with them; as they are all 3rd party software sources. You decide your own standards as to what you'll accept; how important security is for you. – guiverc, commented Mar 2, 2022 at 7:03
- In addition, do not ask more than 1 question in one question entity. – Emoji, commented Mar 2, 2022 at 7:11
- I hope the existing answer helps you, and I've flagged this question as "need more focus". – Emoji, commented Mar 2, 2022 at 7:12
2 Answers
Are all PPAs safe?
No. Although there are no known PPAs which were solely created to spread malicious software, poorly packaged apps in a PPA can cause dependency issues.
From where do I know which PPA refers to which packages?
Click on package details of a PPA, and you will be redirected to a page containing the list of all packages, like this.
Can adding a PPA cause any harm? Or is it that the package when downloaded will cause harm?
The packages in a PPA might cause harm, not adding the PPA itself. Suppose a PPA contains an updated version of GNOME desktop, which actually has no contents (i.e., a fake, empty package). If you add that PPA, Ubuntu will "upgrade" to that version, and as a result you will lose your graphical user interface. While such PPAs are very uncommon, there are certain PPAs which contain poorly packaged apps, which may cause dependency issues.
In particular is it safe to add ppa:ubuntu-toolchain-r/test?
It depends. However, since this is mentioned in the Ubuntu Wiki, a lot of users would use it (and any malicious packages will be reported quickly), so I would trust this PPA (but this is my opinion. You should determine on your own whether you want to add the PPA).
Or is it safer to install packages from official websites?
It is always safer to install packages from the official sources, with sudo apt install name-of-software-here.
In short: You have to trust the developer of the PPA.
PPAs are Personal Package Archives, a service provided by Canonical. Even though the hosting service is official, the programs inside of PPAs are all third-party programs. Use them at your own risk.
The action itself of adding PPAs onto your computer does nothing dangerous, but you have to download the programs at your own risk.
You decide your own standards as to what you'll accept; how important security is for you. – @guiverc
Are all PPAs safe?
No. As I said, PPAs are third parties, so they cannot be 100% trusted.
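
The first answer's point that a PPA package can "upgrade" over an official one can be checked before upgrading. The following is an added example, not part of either answer: it parses `apt-cache policy` output and lists packages whose candidate version is served from a PPA. The sample output and its version strings are constructed, and the function name `ppa_candidates` is hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample of `apt-cache policy gcc-11 bash` output; versions are illustrative.
SAMPLE_POLICY = """\
gcc-11:
  Installed: 11.2.0-19ubuntu1
  Candidate: 11.4.0-2ubuntu1~ppa1
  Version table:
     11.4.0-2ubuntu1~ppa1 500
        500 http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu jammy/main amd64 Packages
 *** 11.2.0-19ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
bash:
  Installed: 5.1-6ubuntu1
  Candidate: 5.1-6ubuntu1
  Version table:
 *** 5.1-6ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
"""

# Hostnames that serve Launchpad PPAs.
PPA_HOSTS = ("ppa.launchpad.net", "ppa.launchpadcontent.net")


def ppa_candidates(policy_text):
    """Map package -> (installed, candidate, source URL) when the candidate comes from a PPA."""
    flagged = {}
    pkg = installed = candidate = version = None
    for line in policy_text.splitlines():
        if m := re.match(r"^(\S+):$", line):  # package header, e.g. "gcc-11:"
            pkg, installed, candidate, version = m.group(1), None, None, None
        elif m := re.match(r"^  Installed: (\S+)", line):
            installed = m.group(1)
        elif m := re.match(r"^  Candidate: (\S+)", line):
            candidate = m.group(1)
        elif m := re.match(r"^(?: \*\*\* | {5})(\S+) -?\d+$", line):  # version row
            version = m.group(1)
        elif m := re.match(r"^ {7,}-?\d+ (\S+)", line):  # source row under a version
            if version == candidate and urlparse(m.group(1)).hostname in PPA_HOSTS:
                flagged[pkg] = (installed, candidate, m.group(1))
    return flagged


if __name__ == "__main__":
    for name, (old, new, url) in ppa_candidates(SAMPLE_POLICY).items():
        print(f"{name}: {old} -> {new} would come from {url}")
```

On a real system, pass the function the text printed by `apt-cache policy` for the packages you care about, and review anything it reports before running an upgrade.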