A Quicklisp Debian package
- Subject: A Quicklisp Debian package
- From: firstname.lastname@example.org (Paulo Sequeira)
- Date: Sun, 1 Jan 2012 01:23:48 -0600
- Message-id: <[🔎] CAEa5HOrkPny8cBHH6EVc5Qj-tzfjY9tWYEi4W24MT6n7R4zV9Q@mail.gmail.com>
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org> <CAEa5HOp0eg8i7wvnzq2YcD1RxfGwgqiFPvPRNBqimaNzjRa8hw@mail.gmail.com> <email@example.com> <firstname.lastname@example.org> <CAEa5HOpuCmthApDZ8z_FeCyYX8jP-ie9Kj2EuRi2uF1gc6tVuA@mail.gmail.com> <email@example.com> <CAEa5HOrHgby_LErYg9jHqt13V_xWU4xA=LEfNn5p3caj6BGmHw@mail.gmail.com> <firstname.lastname@example.org>
On Sat, Dec 24, 2011 at 6:08 AM, Sebastian Tennant
<sebyte at smolny.plus.com> wrote:
> More importantly though, running as root introduces a huge security hole and
> means that we are relying completely on Zach Beane to vet all the code he
> accepts into the Quicklisp distribution.
> I've looked at instructing Quicklisp to simply download libraries, rather than
> downloading them and compiling them (see 'install' versus
> 'install-and-compile') but a number of important Quicklisp librarieshave to be
> compiled at installation time for their dependencies to be correctly handled,
> so compilation is a requirement and I don't think this should be done by a lisp
> image running as root!
> Unless you can convince me otherwise, for this reason alone, I will soon be
> reintroducing the system user.
Fair enough. You make a good point and I agree with you that a
dedicated user account is called for.
> Alternatively, you could try using the standard github collaboration model.
> This is probably best if you're going to get more involved (which I hope you
I must confess I'm more familiar with traditional VCS, but let me
review the instructions and prepare my forked repositories.
> While we're on the subject of workflow, I propose that we move discussion on
> swiqlisp development to github as none of this is Debian specific - swiQlisp
> is the upstream project and at some point one of us should take the lead in
> developing a Debian swiqlisp package.
Agreed, let's continue the discussion there.