dl9220 wrote:
Besides, did you mention WHY you don't touch PPAs with a 10 ft pole?
I can tell you why I didn't when I was using the Ubuntu-based Mint.
It's all about trust.
How do you know that any-random-ppa is what it claims to be? How do you know that it isn't uploading, or never will upload, malicious files onto your system? There's very little verification or oversight in the PPA world, and a maintainer can upload whatever he/she likes. If you are using a PPA to which the maintainer pushes malicious files, guess what? They'll be installed on your system and you probably won't notice until it's too late (if then).
It's very different from the official repos. For the repos, I can inspect the source code of any package if I want, and even build a .deb from source that is identical to what I would get from the repos. Though I rarely do this, there are enough of us inspecting enough packages that a malicious package should be noticed quickly. Besides that, there are many deterrents that make it difficult for a maintainer of a repo to upload malicious software. For one, he's not the sole owner of the repo - there are usually many people involved and they all know what each other does. Two, he's not anonymous and if it's discovered that he knowingly uploaded malicious software, he would lose whatever standing he had in the Linux world and possibly (probably) be subject to criminal prosecution as well.
For a PPA, the owner and maintainer are usually the same person, who is under no obligation to anyone to do what's right, and who is only known to the community by his username. If by chance it's found that he uploaded malicious files, he can just slip away and not suffer any consequences. Also, many PPAs (such as the one being discussed here, I believe) don't offer the opportunity to inspect the source code, making it very difficult to detect malware.
I don't mean that you should never use a PPA, but it should be a last-resort option. For example, I trust the LibreOffice PPA relatively well, and if I needed the newest version of LibreOffice I might use it (if I were using the Ubuntu-based Mint). PPAs from well-trusted and respected sources are much less likely to be malicious. But still, I'd first explore other options (upgrading Mint to a newer version would be one option) before upgrading LibreOffice to a new version via PPA.