RHEL (server & client in EPL7 repo)
You probably mean âEPELâ (instead of EPL)? 
@morph027 you state explicitly on the page that your packages are not âofficialâ. Now you can argue back and forth on that, but this is a community - youâre undeniably part of it, providing these packages for loads of people, and we have no âofficialâ stamps for packages, pro or con 
You maintain recipes in a public git repo on gitlab, which would be a big requirement if there ever was one for being âofficialâ. Another would be getting contributions, having a team - Iâm sure youâd welcome PRâs, though.
What Iâm saying is - I donât want to tell you what to do but I kindly suggest the big disclaimer about this not being âofficialâ isnât really neededâŚ
Nice to know, going to remove this
But as said before, with the new updater, packages arenât necessary anymore IMHO. It just works
1 Like
Agreed. But we donât have automatic updates yet - once we have that I really think it is better if people donât use packages but use the zip file, from a security point of viewâŚ
1 Like
But it will be impossible to have an automatic updater unless a lot of stuff changes. Right now, if you follow the secure directory guide, it kills the updater from working. You have to log in as root and chown things back to apache. Then you can run the update. Then you have to chown it all back.
Our current security hardening guidelines do not recommend changing ownership or permissions on the files of Nextcloud as the security benefit is largely absent.
See this PR for a bit of information on this. Essentially I believe the issue is that it is so easy to work around the limitation of non-writable application files that it makes no difference while it DOES create a higher barrier to updating which is a far more dangerous situation.
Feel free to engage in the issue above but please provide facts and links to them rather than opinions as this is a well researched topic and Lukas knows his stuff.
FYI I updated the fipo with links to docker, QNAP image and VM⌠I also linked to it in our install page. It is easier to keep this up to date than the websiteâŚ
It is not official QNAP store. It is community store. I wouldnât recommend it for newbies.
Ah, I did not know that, thanks!
You guide was changed after I had already followed it during my original install. The commit history of that PR shows as much.
You should be a little more concious of how recent changes are when trying to tell someone that they did something wrong.
How should this be handled properly? Until NC 12 there are still the old hardening tips, you would have to notify people upgrading from NC 11 to NC 12. Would be a point for the release note which in the end nobody reads and people will come here and complain anyway.
Feel free to share your ideas on how to improve the documentation, make suggestions, you can even contribute â https://github.com/nextcloud/documenation
The community is indispensable for improving the documentation, the developers know a lot about the code but only the users know which parts are hard to understand or which information is missing.
The choco package already points to all proper sources. Else it would not have been approved by the mods there. Also this is my package 
When I wrote my post back on May 5th, I was unaware that the hardening guide had just been changed (April 26th I believe). So my comments were based around the hardening concepts that have been in place since the early days of ownCloud as they were replicated here with Nexcloud until just recently.
Now, with a new clean install, there are no issues to address.
For anyone coming from an older Nextcloud install or an ownCloud upgrade, then it should be pretty easy to document what permissions are required and publish that information so the person upgrading can handle it.
Instead, the process just pukes out a generic âpermission badâ type error and there is no clean documentation stating what the permissions are expected to be.
But because the updater has to be comparing something in order to give an error in the first place, then there should be something that can be documented.
2 Likes
I know it was already submitted there, I said as much in my post. But the point of my comment to @jospoortvliet was to make sure it was officially supported there.
I know it was already submitted there, I said as much in my post. But the point of my comment to @jospoortvliet was to make sure it was officially supported there.
As far as I understand, the Nextcloud guys do not want to be responsible for the complete ecosystem that they create. Which is understandable. Imagine Microsoft being directly responsible for all games that can be played on a Windows machine (I know the comparison is a little offâŚ).
So the responsibility is passed on to the community members of the distros when we talk about Linux. The distros have official repos. For Windows/Chocolatey I guess it will be the responsibility of the Chocolatey community do maintain the package. Though, chocolatey.org is community driven and there is nothing really âofficialâ there. There are core team packages which basically just means that people make pull requests on github, which are then synced to a dedicated server. The one doing the pull request stuff would probably still be me and I find it easier to just have a task running on my PC that regularly checks for updates on the Nextcloud servers. The closest thing that comes to an âofficialâ package on chocolatey.org is a package that is maintained by the Nextcloud devs personally. Which, as mentioned, they donât want to do.
I think the Nextcloud guys would not want to have it handled differently and I donât think it would make sense any other way. But if anyone has any specific suggestions to improve the package, Iâll be glad to help.
1 Like
You are extremely correct. We are building a HUGE ecosystem with over 70 apps already - for which we also canât be all responsible. We donât want to be the limiting factor and hold back the community, instead we want to empower people!
That has downsides, sadly the repo of @morph027 is down at the moment for example 
hope it comes back up soon
1 Like
Sorry for that, internet seems to be down and iâm on vacation with no remote hands availableâŚ
1 Like
Well, when youâre back, you have something to do⌠I know the feeling, am on holiday in Portugal right now
Found some, forgot about grandma taking care of the plants ⌠powercycling the dsl modem was enough, repo should work again
1 Like
I guess you get significant downloads, seeing 2.1K clicks on your repo URL
wish we could get this into debian/Ubuntu proper 