Submit A Tip Alternative Tip Form

Ninite for Linux beta released, installs apps for you – though can it be trusted?

If you’re going to read this post, I suggest you also read this post here afterwards.

Reader Heiner Valverde dropped us a handy hint today in the OMG! inbox: Ninite, a website that provides an easy way to install multiple applications after a fresh install, has released a beta version for Linux users. That’s right, us!

But, it’s not all fresh roses – I delved deeper into the mystery that is Ninite, surely something as good as this can’t be true?

Does it work?

Ninite apparently has three basic steps:

  1. Pick your favorite software below.
  2. Click “Get Installer” and run it.
  3. You’re done!

The Linux version creates a .deb for you to download and then installs all of the applications you checked. It will also apparently “add the proper APT repositories and keys and then install the apps for you.”

Traditionally I’ve just manually installed everything I need after a fresh install, and for a while, I had a simple script that I would run. It contained a bunch of apt-get install commands to make it just a little bit easier.

I tested out Ninite just now by going to the site and checking Google Chrome, Transmission, and Thunderbird. Sure enough, it did generate a .deb – only 1.9kb in size. I presumed this would run some sort of magical script.

I didn’t want to bork my system or install some malware, so before installing it I did do a quick Google and it appears to be legit (as tacky as the website background is).

So, taking one for the team (you guys) I went ahead and double clicked. Software Center opened, I installed it and… so far nothing has happened. My computer is still alive (it’s not a smoldering pile of ash), but I don’t appear to have any of the applications I checked in my menus.

Can it be trusted?

Rather than posting something without fully knowing what it does, I took to the OMG! Ubuntu! IRC channel for their opinions – everyone who tested it reported that it didn’t work for them, and Ubuntu Member and all-round whizz kid (whizz man maybe) Alan Pope (popey) did a little more snooping around.

Apparently the .deb executes this python script, which, if you don’t know python, reports your kernel version and Ubuntu release to http://ninite.com/linux/report – not ideal.

Summary

Ninite looks perfectly legit, they have a wikipedia page, which isn’t much value on its own, but they also have a good rating on Web of Trust with many happy customers. Although, with the fishy reporting back of system information and because standalone .debs aren’t GPG signed,  I wouldn’t trust it.

All that aside, if you are daring and brave, check it out and tell us what you think – nobody I know could get it to work anyway.

Update: Check out this post here titled “Ninite for Linux – debunking the myths” which explains the supposed privacy breach.