[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Other things Gentoo have (was: Re: Lagging behind on security?)



On Fri, Jan 10, 2003 at 04:21:52PM -0200, Pablo Lorenzzoni wrote:

> <snip>
> | I don't object to a ports-like system for Debian; I object to the idea of
> | pulling anything directly from upstream and installing it on a Debian
> | machine using Debian-provided tools.

> Come on... most of us have
> non-packaged-pulled-straight-from-upstream-and-compiled tarballs in our 
> systems.

Really?  Most of my systems don't have such software installed; when it
is installed, it's proprietary software that wouldn't be available in
ports anyway.

> I don't see why we couldn't provide better tools to build .deb 
> packages out of tarballs in a Ports-like system and ease users life by 
> allowing it to use our dpkg database to manage those packages.

It is not the package manager that makes Debian a coherent system; it's
Policy that does this.  Making it easier for users to install packages
that do not conform to Policy makes it easier for those users to break
their systems.

> Maybe, if such a system does exist, we should have policies allowing then to 
> be installed just under /usr/local or something like that.

That would be ok, but difficult to enforce:  upstream could at any time
change their software to install somewhere else by default.  If it
doesn't use autoconf, how do you handle that?

> | > Come on... is it really that a big deal? It's just some way for
> | > advanced users to generate .deb packages from upstream tarballs. Maybe
> | > even we, developers, could have some use for it, after all...

> | I don't think advanced users are the ones most likely to use such a tool.

> So what? A regular user can use devscripts with no restrictions, why couldn't 
> he use a Ports-like system?

If devscripts is a loaded handgun pointed at your foot, an unvetted ports
system is a nuclear missile suspended downward above your house with a
button that says 'press here'.

-- 
Steve Langasek
postmodern programmer

Attachment: pgpORbrPSPRry.pgp
Description: PGP signature


Reply to: