1

When getting software from the Ubuntu Software Center I often see that it says "Optional add-ons", like for instance here for rkhunter these are the Optional Add-ons it displays:

rkhunter Optional Add-ons

Are these optional add-ons made by the developers of the software or at least approved by them? Or are these third-party add-ons? Or does it vary?

I am running Ubuntu 14.10.

1 Answers1

3

If I were to make a guess, the "Optional Add-ons" are what would be called Recommends or Suggests dependencies. They are listed by the package maintainer of whichever package you're trying to install, but may or may not be developed by them or be approved by/known to the upstream developers.

And indeed it is so:

$ apt-cache depends rkhunter | grep -Ei 'recommends|suggests'
 |Suggests: bsd-mailx
 |Suggests: mailutils
 |Suggests: heirloom-mailx
  Suggests: <mailx>
  Suggests: tripwire
  Suggests: libdigest-whirlpool-perl
  Suggests: liburi-perl
  Suggests: libwww-perl
  Suggests: powermgmt-base
 |Recommends: <default-mta>
  Recommends: <mail-transport-agent>
 |Recommends: wget
 |Recommends: curl
 |Recommends: links
 |Recommends: elinks
  Recommends: lynx
  Recommends: iproute
 |Recommends: unhide.rb
  Recommends: unhide
  Recommends: lsof
muru
  • 197,895
  • 55
  • 485
  • 740
  • But they are actually approved by the developers? –  Feb 12 '15 at 17:09
  • These are added by the package maintainers. The actual upstream developers may or may not have any knowledge of them. – muru Feb 12 '15 at 17:10
  • What I am trying to really get at is, could any of them be malicious? Or are they all checked or something? –  Feb 12 '15 at 17:12
  • 1
    @Toroidal Oh, that. That has nothing to do with these apps being recommended or not, but with the source of your downloads. Hold on, I'm pretty sure that question has been asked before. – muru Feb 12 '15 at 17:13
  • @Toroidal See http://askubuntu.com/questions/52858/which-ubuntu-repositories-are-totally-safe-and-free-from-malware – muru Feb 12 '15 at 17:15