On Fri, Aug 24, 2012 at 03:38:33PM -0700, Doug Barton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 8/24/2012 1:15 AM, Baptiste Daroussin wrote: > > BTW for people who haven't tested and want to share their opinion, > > here is how work /usr/sbin/pkg: > > > > it first checks if ${LOCALBASE}/sbin/pkg is there - if yes it > > directly execute ${LOCALBASE}/sbin/pkg with arguments passed to > > /usr/sbin/pkg > > As others have already pointed out, this is a bad idea for a variety > of reasons, not the least of which is security related. It also > removes one of the primary benefits of pkg, that it be (fully) hosted > in the ports tree. Can anyone give me he details on the security related problem? Can I also have the details on why it would remove the benefits of being fully hosted in the ports, I have no plan to remove it, currently the ports tree is also able to bootstrap itself pkg without needing /usr/sbin/pkg. the bootstrap tool is currently just a transparent way to bootstrap pkgng, it is not mandatory at all, one can leave without it, and it doesn't prevent pkgng to fully leave in the ports tree? What do I miss here? Once again I'm not opposed at all to remove it in favour of pkg-bootstrap, but it currently seems to lacks a bit of detailed arguments. > Let me rephrase that more simply ... very few users are ever going to > need the bootstrapping tool that will be in the base. Making it > mandatory for *every* user is therefore not only a bad idea, it's > contrary to one of the primary goals of the project. > Why would it be mandatory? it is just a transparent kind of helper tool regards, Bapt
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:30 UTC