Announcement

Collapse
No announcement yet.

Which to use- sources.list vs add-apt-repository pp

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Which to use- sources.list vs add-apt-repository pp

    Whenever I look at how to install some software that isn't in the standard repository I see 2 options, create a file in the /sources.lists.d folder or add the apt repository via the PPA. Here are the two different methods to install a tor browser and I'm wondering if there are benefits of one over the other. The second one seems easier but IDK if it might be missing some aspect (like the GPG key issue??)

    sudo nano /etc/apt/sources.list.d/tor.list

    deb H T T P s deb.torproject.org/torproject.org bionic main deb-src H T T P S deb.torproject.org/torproject.org bionic main
    curl H t t p s deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo gpg --import
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    sudo apt-get update
    sudo apt-get install tor deb.torproject.org-keyring torbrowser-launcher
    From the command line:

    torbrowser-launcher

    vs

    sudo add-apt-repository ppa:webupd8team/tor-browser

    sudo apt-get update

    sudo apt-get install tor-browser

    So are there benefits to one over the other? If I want to learn to do it the "right" way (most secure) which would be the best way of doing this? Thanks for any advice!
    Tags: None
    • Top
    • Bottom
    #2
    1) Having the main list separate from the add-ons is safer - nothing touches the default list
    2) repository management is simpler and easier, as well as safer (see #1) as a piece of software can't accidentally bung up the sources.list file if it does not touch it in the first place.

    That's about it. There is nothing wrong in editing the sources.list file, and there are zero disadvantages in using individual add-on configs.

    So, there is no right or wrong here, just different methods.



    *buntu can manage PPAs via the add-apt-repository tool. It adds a ppa, and also does the gpg key import for you as well. It also allows for the ppa-purge option. It does not necessarily work so easily with non-PPAs

    Now, you can use add-apt-repostory for non-PPA repos, but it does not grab the key, and also adds a line to the sources.list instead of a separate file. See how it is done for winehq I do not think this can be undone using ppa-purge, but I could be wrong on this.


    Also, using your Tor as an example, note that the PPA is not done by the Tor folks themselves, so you are seeing two completely different repos. Actually, the PPA is managed by some folks from the Webupd8 website, and not connected to tor or to Ubuntu. The Tor folks method works on any debian based system (which includes *buntu), while the PPA method is only for Ubuntu based distros. It makes perfect sense for Tor to have a repo that works for more distros using fewer resources.
    • Top
    • Bottom

    Comment

    Previous template Next
    Working...
    X