Luci-app-log reliable because not listed in plugin repo

Hi,

is it secure to install plugins that are not listed in the plugin repo like: https://github.com/gSpotx2f/luci-app-log

I am unsure as the ipk has to be installed and not the sourcecode.

Regards,
Nils

save it to your computer and use the upload package button in the software page to upload the ipk.

treat it as the equivalent of sideloading apps on your phone and you'll be fine.

The other way to install is to SSH to the router and download the ipk file and use opkg to install it manually. Theres instructions in the wiki.

I think more like installing a virus or other malicious software. The plugin looks interesting…

.ipk files are just .tar.gz archives.
And LuCI apps usually do not contain compiled code, so you should be able to look into the included files (lua and JavaScript).

1 Like

a) you'd have to trust the author and provider of those packages (nor not)
b) luci is under active development, packages built with an older/ newer luci base in mind (and a few weeks can make a major difference) might break 'horribly' if forced into an incompatible version (similar things would apply to complied binary code and non-matching library ABIs, libc in particular).

1 Like

Will check and then decide to install it. Good to know it’s ipk. Many thanks.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.