From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 24964 invoked by uid 1002); 8 Sep 2003 07:10:05 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 4918 invoked from network); 8 Sep 2003 07:10:05 -0000 Date: Mon, 8 Sep 2003 03:10:47 -0400 From: Michael Cummings To: Gentoo-Dev Message-ID: <20030908071046.GE3229@enki.datanode.net> Mail-Followup-To: Gentoo-Dev References: <200309072234.06470.jk@microgalaxy.net> <20030907203546.GA6996@cerberus.oppresses.us> <200309080140.32886.jk@microgalaxy.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200309080140.32886.jk@microgalaxy.net> X-Operating-System: Linux 2.4.21 i686 User-Agent: Mutt/1.5.4i Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection X-Archives-Salt: 58e2cfac-9a99-4502-99c8-afc9af631c64 X-Archives-Hash: 794ef2c372aeb60156a15cdfa04fc257 Jan, I mean no offense, but to answer some of your questions in the latest addition to this thread... On Mon, Sep 08, 2003 at 01:40:32AM +0000, Jan Krueger wrote: > > Installing software at the end comes down to putting files at the right place. > (on windows you would add: modifying the registry) > > So thats exactly what portage should do: put files at the right place. > Portage is nothing more than a middle man. Ebuilds are recipes at best. We rely almost entirely on the upstream author to put the files where they are supposed to go. Functions like pkg_preinst and pkg_postinst exist because not all upstream authors concur on where their files should go; because inevitably a tweak here and there is needed to keep user interaction at zarro. > The ebuilds may play in the sandbox whatever game they like. > It should however in no way possible for them to wipe your box. > Symantics, I know, but the ebuild isn't wiping your box. A poor piece of product control, perhaps, but an ebuild is just a pretty bash script. Are there wheels in motion to counter this possibility? Of course. A big one in my opinion is the consideration of a staggered portage tree, so that an ebuild commit today doesn't mean its available tomorrow, but that instead there is a grace period to work from in case "something bad" crops up. I think you're being misread in this thread, but I also think you are losing sight of the original intent of a metadistribution - let people have it their way. We do this in our spare time, all of us, and we do it "for the love of the game." And that love gets hard to see sometimes. It's get to be paranoid about security - just remember we're trying. Egads, I need sleep folks. And coffee. Lots of coffee. Jan, one last thing - If you don't trust an ebuild to merge properly, then break it out. ebuild /path/to/foo/bar install; cd /var/tmp/portage/foo/bar/image; ; ebuild /path/to/foo/bar merge; Enjoy! Shop SMART, shop S-Mart! -- -----o()o--------------------------------------------- | http://www.gentoo.org/ | #gentoo-dev on irc.freenode.net Gentoo Dev | #gentoo-perl on irc.freenode.net Perl Guy | | GnuPG Key ID: AB5CED4E9E7F4E2E -----o()o--------------------------------------------- -- gentoo-dev@gentoo.org mailing list