| 1 |
On Fri, Jun 07, 2002 at 10:53:44AM +0200, Alexander Holler wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> --On Donnerstag, Juni 06, 2002 22:33:22 -0700 Jeremiah Mahler |
| 5 |
> <jmahler@×××××××.net> wrote: |
| 6 |
> |
| 7 |
> >The goal is to have packages that are of high quality. |
| 8 |
> |
| 9 |
> That was not my intention. I just want to make the distribution a little |
| 10 |
> safer against worm or virus infection. |
| 11 |
|
| 12 |
To me, a package that has malicious code such as a "worm" or "virus" is |
| 13 |
of "low quality". |
| 14 |
|
| 15 |
> |
| 16 |
> Beside that, I'm of the opinion that the developer of the software knows at |
| 17 |
> best the quality of it. And I think an ebuild is (or should) normally not |
| 18 |
> more than calling configure, make and make install from the original |
| 19 |
> package. It was always a miracle for me, why a debian maintainer could |
| 20 |
> know anything more about the stability of a package than the original |
| 21 |
> developer. And because portage can handle more than one version of a |
| 22 |
> package, it should be up to the user to decide which versions he wants. |
| 23 |
|
| 24 |
I agree with you on the fact that ebuilds should do the least amount |
| 25 |
possible in order to get the job done. |
| 26 |
|
| 27 |
If anyone can submit ebuilds and the only way a user can discern between |
| 28 |
different ebuilds is by the version number than the following is true: |
| 29 |
1. an ebuild can contain malicious code (worm, virus, etc) |
| 30 |
2. nothing will prevent the user from using a malicious ebuild |
| 31 |
|
| 32 |
> |
| 33 |
> I'm switched to gentoo because it offers me actual versions (compiled for |
| 34 |
> my machine) with the comfort of just calling 'emerge package'. |
| 35 |
> |
| 36 |
> Regards, |
| 37 |
> |
| 38 |
> Alexander |
| 39 |
> |
| 40 |
> |
| 41 |
> PS: I would find it nice if someone would describe the USE-variable 'tests' |
| 42 |
> in the appropriate places (e.g. portage manual). Maybe this would inspire |
| 43 |
> some ebuild-designers to call 'make tests' (if that is offered) before |
| 44 |
> installing. This could make the quality a bit higher. ;) |
| 45 |
> |
| 46 |
> _______________________________________________ |
| 47 |
> gentoo-dev mailing list |
| 48 |
> gentoo-dev@g.o |
| 49 |
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev |
| 50 |
|
| 51 |
-- |
| 52 |
Jeremiah Mahler |
| 53 |
<jmahler@×××××××.net> |
Archives