Unofficial/Local repositories and how do they differ from PPAs in Launchpad

Solution 1:

If you boil this back to the simplest terms:

What is an official repository and an unofficial one (Local Repository), including the ones created outside of Launchpad.

An official repository is one published as part of Ubuntu, managed by Canonical and Ubuntu MOTUs.

They currently consist of main, restricted, universe, multiverse, partner, extras and some exist in multiple "states" (-proposed, -updates, -backports, etc).

The repo names might change in time but the point is that these are .

On mirrors: The contents (MD5 hashes of files, etc) of the repository are signed with the Ubuntu key so even if you're pulling the official files from a non-official mirror, you can be fairly certain that they are the original files.


How do repositories created outside of Launchpad compare to the ones found inside of it in terms of first, security, followed by any other features that both offer.

You can't implicitly compare security levels between a Launchpad PPA and another non-official repo hosted elsewhere. It all boils down to how much you trust the person running the repo.

The difference is with a Launchpad PPA, you can see the person who is packaging things. Most times you can see the source. In other repos (eg: dl.google.com or repo.steampowered.com) you likely know neither.

Trust is an odd thing.

Feature-wise a repo is just a particular structure of directories and files, hosted on the web. The only special features I've ever seen are authentication to allow only people who have purchased software to download it but this very basic web server security and hardly special :)


How do official software repositories differ from the ones created by 3rd party PPAs in Launchpad or outside of it.

This is perhaps the biggest of the questions and it's probably best answered (if indirectly) by another question: How to get my software into Ubuntu?

Official repo software is supposed to have a development process behind it. Levels of testing that ensure quality and an amount of peer review. PPA maintainers can encourage this sort of process but it's not something you can assume. Some are better than others.