| 1 |
Dnia 2015-01-23, o godz. 17:27:16 |
| 2 |
Michael Orlitzky <mjo@g.o> napisał(a): |
| 3 |
|
| 4 |
> On 01/23/2015 05:07 PM, Michał Górny wrote: |
| 5 |
> > |
| 6 |
> >> Even `wget --no-check-certificate` would be a big improvement. |
| 7 |
> > |
| 8 |
> > ...because? |
| 9 |
> > |
| 10 |
> |
| 11 |
> You rule out some 13-year-olds in coffee shops as attackers. I |
| 12 |
> overstated -- since the user isn't replying with any data, it's not a |
| 13 |
> big improvement, but it's still a little better. |
| 14 |
|
| 15 |
So I have a few options at hand: |
| 16 |
|
| 17 |
1. put a checksum in the news item. The item is GPG-signed, so |
| 18 |
the checksum will be protected. Of course, nobody bothers to check |
| 19 |
the signature but anyway... Bad news is that I don't know of any |
| 20 |
command to check signature that would really fit in 80 chars. |
| 21 |
|
| 22 |
2. Put it .gpg-protected. Then oneliner is simple 'wget -O - ... | gpg |
| 23 |
-d | python' (I have no idea how far gpg verifies there). But it means |
| 24 |
that people who don't care and don't have GPG won't be able to use |
| 25 |
the one-liner. |
| 26 |
|
| 27 |
3. Put it in an ebuild, after all. This will add a lot of complexity |
| 28 |
but GPG comes for free, plus some people will actually test |
| 29 |
and stabilize it. |
| 30 |
|
| 31 |
Do you like 3.? |
| 32 |
|
| 33 |
> >> |
| 34 |
> >> No, but the error says to set it, not export it =) |
| 35 |
> > |
| 36 |
> > Thanks, mr troll. REALLY HELPFUL. |
| 37 |
> > |
| 38 |
> |
| 39 |
> Ok it looks stupid, but I was serious. I source my make.conf in |
| 40 |
> ~/.bashrc, so I have PORTDIR and friends set in my shell. I have PORTDIR |
| 41 |
> set, and the thing is telling me to set PORTDIR? It took me a moment to |
| 42 |
> realize what was wrong. It will certainly stump others. |
| 43 |
> |
| 44 |
> If what you really want them to do is prepend PORTDIR="..." before the |
| 45 |
> wget command, then why give them the wget command without it? Or if the |
| 46 |
> environment variable needs to be set and then exported, why not just say |
| 47 |
> that? The news items go out to tens of thousands of people so the more |
| 48 |
> explicit the instructions are, the better. Because then people won't bug |
| 49 |
> you about all the ways in which they misinterpreted the instructions. |
| 50 |
|
| 51 |
People usually won't need to do that. Unless they do something stupid |
| 52 |
like switching to a Python interpreter they disabled in the eclass... |
| 53 |
|
| 54 |
-- |
| 55 |
Best regards, |
| 56 |
Michał Górny |
Archives