Downloading applications via a package manager is basically the same as downloading applications on your phone via an "App Store" application. (Especially if you are using a package manager with a GUI)

Millions of people use app stores everyday. And I'd say a huge percentage of those people are the ones who would also download a program on their PC from download.com

Which sounds more accessible:

  1) click package-manger program
  2) type the name of the program you want to install
  3) click install

  OR

  1) open web browser
  2) go to http://yahoo.com
  3) type google
  4) click the first link
  5) google "download program_i_want"
  6) click on link leading to "www.download.com/malware/viruses/tracking/program_i_want"
  7) stare at the dozen different DOWNLOAD! buttons, and wonder which one
  8) click the biggest flashiest one
  9) wait for it to finish downloading
    (if it doesn't automatically start and installer)
    a)open File explorer
    b)Go to Downloads folder
    c)wade through the hundreds of other downloads until you find kd457sfjgs_download_app_i_want_setup_INSTALLER.exe.EXE
  10)Once the installer is started click the NEXT button a dozen times, inadvertently installing extra malware each time

Your cognitive dissonance is astounding. With most package managers, unless you know exactly what you want then you're up shit creek. That's assuming you even know what a package manager is, for the millions of people using App Stores every day they'd be completely lost if you asked them to install software on a Linux system.

People often don't go looking for a specific piece of software but rather an idea of what they'd like their software to do. Google and Apple have made tremendous efforts to make their stores discoverable, searchable, and to provide clear feedback and reviews from other users. They also make sure their store icons are front and center on their devices in the hopes that people can find them. The web is also littered with App Store links because the reality is that most people just Google for help.

The unfortunately thing is that there's little commonality or consistency between Linux Distros so if everyone were suddenly on Linux they'd each learn something slightly unique and you'd end up with a lot of frustrated users trying to help each other out while you scoff at them in the corner saying "Hurr durr Linux is easy".

I am guessing this was intended to be something like Ubuntu Software Center, not someone using apt or dpkg straight from the CLI. If I search for 'spreadsheet' in Ubuntu Software Center, I get results that are fairly easy to work with.

In my experience it's more like

    1) apt-get install programiwant
    2) Not found, did you mean libprogramiwant-dev.0.5.1ubuntu01?
    3) apt-get install libprogramiwant-dev.0.5.1ubuntu01
    2) this action will require 0.00001 kb of your 1000TB hard drive, do you want to continue? (Y/n)
    3) This will also install xxxxxx yyyyyy zzzzz xxxyyyyzz yyyyzzzxxx xxxxidontgiveashitaboutthisthirdpartylibraryzzzz xxxyyaaabbb xyayyyxzzzz xxxx-dev list of 1000 packages more, do you want to continue (Y/n)
    4) The following packages has been kept back and will be unloaded aaaa vbbbb aabbbb bbaaa, do you want to continue (Y/n)
    5) bzzzzzzz, loading
    6) The file .abc.etc.conf does not match the source version and will be overwritten by updating xxxxyyyzzz, do you want to (Keep/Local/Source/Abort)
    7) The file .abc.etc.conf01 does not match the source version and will be overwritten by updating xxxxyyyzzz, do you want to (Keep/Local/Source/Abort)
    8) System restart required
    9) programiwant
    10) programiwant: command not found

With ubuntus synaptics package manager you get a fancy GUI on top of this but most of the decisions and endless lists of libraries remain. There's even a "stability level" you have to choose ranging from 1 to 5, good luck with that grandma. Not saying it can't be done, the app stores are a great example of how it can work but there you are stuck inside the walled garden. And even there you still have problem #2 above of finding things, there's just so much crap in the app-store so even if you search for an exact match you will find imposterors trying to ride on the name, minecraft is a great example, search for it on Play store and you will have to scroll through pages and pages of minecraft-guides, blockcrafts, craftmines, minercrafter and whatnot before you even see the real minecraft.

You're being a bit disingenuous in making the latter seem more complicated than it actually is, though. It's only slightly more tedious than a repo, but it's no less accessible.

No, I don't think he is. Not even a bit. Sure, for us techies there's little difference. For your typical non tech user, each of those 10 steps can cause issues. This does not mean they are a moron, just they don't grok IT.

So many will download the file again each time they run it, or spam click next 20x to install, reading nothing. Or just click the topmost, or largest download GIF - which I pretty much guarantee is not the one they should use. Or install loads over the course of the PC's life, but uninstall nothing, leading to buying iPad or new PC basically because they have 4 printer drivers (pointlessly huge things these days), software for their last 3 phones, 234 screensaver apps the child thought was fun, several anti virus (none from a truly legit source).

For the truly non-techies nothing has changed since the days of a web full of crap adsense 5 pagers. Click a link, click another. Main thing that's changed in 15 years? The link probably isn't blue, or underlined.

The level of blind trust shown towards the web, and downloads is terrifying. "It's on the internet, it must be true."

> The level of blind

Is just as high if not higher for a nontechnical user to use Linux. Sure they can look at the source code, but that doesn't mean they'll be able to make sense of it.

What if they try to solve a problem themselves? Googling it will land them on any number of blogs or forums where people post cryptic instructions or link to bash scripts that might as well be black box binaries from their perspective.

>Is just as high if not higher for a nontechnical user to use Linux. Sure they can look at the source code, but that doesn't mean they'll be able to make sense of it.

Except that there is no adware, malware, spyware, or anything else bundled into a Linux repo. The end user may not know what is up, but Debian (and the whole community of package managers) is doing a lot more to protect the end user than CNet, Google or Apple is doing to protect the end user. It is de rigueur that if I install an app from the app store, it will try to spy on me, export my contacts, etc. This is far less likely with a Linux repo.

And when Dell ships a laptop running Debian, they've setup their own repos in the package manager which is along the same lines as installing a trusted root cert in Windows by Lenovo.

The trouble is that these systems are not easy to use and end users have to put their trust somewhere to get a system that is functional for them.

In fact, the malware is often very much too accessible. On these download sites, the software you actually want to download is not the biggest "DOWNLOAD NOW!" link. If you click that, you'll get something completely different. As so many people actually do get - they install accidentally something they weren't looking for, let alone all the malware that comes with it.

Also, the world doesn't end on package repository. In my experience with Linux, a lot of software I want is either very outdated or not in the repository at all. OTOH, for all intents and purposes you can assume that if something can't be found by Google, it doesn't exist.

Yet when I go to grab a piece of software off google I legit have no idea which site to click on.

"Is it speedfan.org or speedfan.net"? I can't remember a concrete example but I've had a few instances of being 50/50 on whether to give up altogether at the risk of getting the wrong thing

The first case only works if you already know the name of the program you want. Otherwise you're funneling straight down the google rabbit hole.

You know you can download .deb files for some stuff and they install fine.

You can download .deb files for everything, and they work great.

You can download all deb files. That's in fact what apt does. It downloads and then installs deb files.

You can also install the wrong .deb files, and wedge your system ;)

The only times I've ever needed to compile a package from its sources was when I was trying to hack away at it.

I've not had to compile a Linux kernel in almost 8 years.

Your argument is specious. You should seriously stop using it. As for the LSB, that hasn't stopped distributions in any way, shape or form. Debian got rid of their LSB meta-package because they didn't need it.

Plus: compiling from source does not mean the code is ad/spyware free.

Ok, assuming that it does not, how many instances in the wild have there been of ad/spyware distributed as source to be compiled on the target machine?

I would imagine that in a world where my mum is compiling from the 'source', the 'source' that she's compiling would be infected in the same way as Download.com is.

"Mom I have told you thousands of times! Configure, make and make install, not configure and make install!"

Ubuntu shipped a spyware package with a few releases. I assume they had a source release with the same package configuration, in which case they were doing exactly that.

Are you referring to the amazon search debacle? Because that does not fall into the same realm, it was very clear that it included this feature from the moment you start it up. It wasn't hidden at all.

That one yes. Many people including the FSF described it as "spyware".

If source distribution was the main way of getting software onto the computers of less technical users then it would be rife.

"Yeah, well I expect the lights had gone out."

Although I guess if this describes Linux, then closed source is generally more like the plans being on display at the local Galactic Council office on Proxima Centauri.