On Fri, 12 Jan 2007 06:38:23 +0900 Georgi Georgiev <chutz@×××.net>
wrote:
| I agree that if an ebuild wants to misbehave it can and there is no
| stopping it. However, code that is executed in pkg_* is generally
| restricted to code written by the person who is involved in
| maintaining the ebuild. It is easy to read that code and see what it
| does. In contrast, the stuff that is run with lowered privileges is
| usually coded upstream. I'd like to have that run with lowered
| privileges, no matter what.

So you trust upstream to install arbitrary content on your computer,
some of which may not be removed even when you uninstall the package,
but you don't trust the package to compile with elevated privs, even
when a Gentoo developer has carefully checked why userpriv is required?

--
Ciaran McCreesh
Mail : ciaranm at ciaranm.org
Web : http://ciaranm.org/
Paludis, the secure package manager : http://paludis.pioto.org/