yyyc514
Group: Members
Posts: 41
Joined: Aug. 2005 |
|
Posted: Sep. 02 2005,21:06 |
|
Quote (ke4nt1 @ Sep. 02 2005,16:15) | The /opt/bin and /opt/lib option has been discussed before. But there are still some challenges , even with that in use.
Depending on the program, some applications during the duration of their execution , STILL insist of finding needed things in certain locations..
|
I don't know what the /opt/bin and /opt/lib discussion is about but my thought is to extract an entire non-recompiled UCI into say /opt/package/root... and under root you would find bin, etc, lib, usr etc... then a post instal script soft links the correct locations in the filesystem to the /opt locations... doesn't matter if the program is looking in certain locations, the files will be there because they will be linked...
Quote (ke4nt1 @ Sep. 02 2005,16:15) | A post-install, and post-uninstall script would seem unnecessary, if the extension and application is assembled and compiled properly.. Any configuration needs can be handled within the wrapper at execution time..
|
This is hard for XFCE, where my goal is for it to be installed on a CD and to automatically boot, replacing Fluxbox... to do that it replaces .xinitrc in /home/dsl... if there was a postinstall script I could warn the user, make a backup (my preference), ask a question, etc... that's currently impossible... either it cannot be automated and the user has to do something manually or you simply overwrite the .xinitrc... a post-install script would provide some much better options.
I've even thought of creating a DSL just to add post-install script functionality to DSL... does that mean I'd be viewed as an evil child?
I'm confused as to why a post-install script is any less secure than a wrapper if someone is theoretically auditting such things in the first place...
Quote (ke4nt1 @ Sep. 02 2005,16:15) | Since DSL doesn't allow custom code in the extensions, this seems kinda moot anyway ( excepting the wrappers )
|
Second time I've heard this... what does this mean exactly? Is there a written policy somewhere explaining practical application?
Quote (ke4nt1 @ Sep. 02 2005,16:15) | User created scripts and executables make me nervous, anyway, from a support and/or 'source code available' point of view..
|
I think a policy not unlike Debian's (though I claim to be no Debian policy expert) requiriing certain licensing and source code availability isn't bad at all... I wouldn't want some blackbox code running either... but if it's plain text... or if it's compiled code with available source... I don't see such a problem.
And the fact is someone submitting any package that includes binary files and you have not built it from source yourself... how do you know anything about that package? My XFCE package could format your hard drive after 30 days (rest assured, it does not)... unless (like Debian) you start with pristine source, a small patch, and do the compile yourself you're still open to all sorts of security breaches.
Just my $0.02.
|