Greg Novak wrote:

Benjamin Reed: Please ignore this message. Agreed, the Panther release
is more important, and this is not a request for user-mode fink
immediately. Just a parallel discussion among people who are interested. Fair enough?

I still have time to e-mail; I just got a little pissy because we really don't have time for "one more thing" to make the Panther release. =)

I apologize if the tone of my last e-mail sounded worse than it was intended; I really have no emotional investment either way in whether we have user-mode fink or not. I do, however, have a lot of stress coming for the next two weeks as David and I get things happy for a Real Release. ;)

You seem to have missed my earlier message on the topic, so let me reiterate: it's not clear to me what problem your modification solves. As far as I've seen, there are three possibilities:

1) Allow people who don't have root access to use fink to install "personal" software -- Nope, having a fink user doesn't help because regular users won't be able to switch to/create the user.

Agreed. If people want to install their own fink in /Users/ranger/fink, it's no good to have it owned by someone else.

2) Allow package maintainers to debug .info files in a "sandbox" so they don't trash their /sw trees. -- Nope, if all fink packages are owned by a fink user, then package maintainers can still trash their /sw trees.

This, too, is true. I'd also argue that if you don't know what your package is going to install by the time you make the info file, then you're not being very safe in your porting in the first place.

Generally when I port something new, I already get the advantage of what you're talking about. I do:

export LDFLAGS="-L/sw/lib"
export CPPFLAGS="-I/sw/include"
./configure --prefix=/sw
make
make install DESTDIR=/tmp/mypackage

...all as myself. If it fails, it's because "ranger" isn't allowed to write into the /sw tree, and then I can fix things. Only *then* do I make an info file that mirrors what I had to do on the command-line (the LDFLAGS and CPPFLAGS lines are the defaults passed by fink to configure).

3) Prevent malicious fink scripts/open source software from doing damage on your machine. -- Actually, yes, your patch helps with this as long as fink _never_ requires root for anything. If this is the case, then after you create the fink user, software installed through fink will only be able to harm other fink software. This is probably a step in the right direction,

Yup.

Security is the only "real" reason I can think of that it should be an issue. But then, you're already trusting fink with the built software, so it's only a small consolation.

If people are truly paranoid about their systems, they'll build things by hand. The next level up is an administrator installs all new software, and users can just use it.

On single-user machines, 99% of fink users don't know the difference, and probably rarely install new software anyways.

--
Benjamin Reed a.k.a. Ranger Rick -- http://ranger.befunk.com/
gpg: 6401 D02A A35F 55E9 D7DD  71C5 52EF A366 D3F6 65FE
"You can scoff, Lister, that's nothing new.  They laughed at Galileo.
They laughed at Edison.  They laughed at Columbo."   "Who's Columbo?"
"The man with the dirty mac who discovered America."   -- _Red Dwarf_
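
Added example, not part of the original message and not fink's own code: a check a maintainer could run over the DESTDIR staging tree from the unprivileged build described above, before writing the .info file. It lists anything that would land outside the /sw prefix, carry a setuid/setgid bit, or be world-writable. The function names `audit_stage` and `make_sample_stage` are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# audit_stage STAGE PREFIX
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_stage() {
    stage=$1; prefix=$2
    [ -d "$stage" ] || { echo "not a directory: $stage" >&2; return 2; }
    findings=$(
        cd "$stage" && {
            # Non-directories that would be installed outside PREFIX
            find . ! -type d ! -path ".$prefix/*" | sed 's|^\.|outside-prefix: |'
            # Files carrying setuid or setgid bits
            find . -type f \( -perm -4000 -o -perm -2000 \) | sed 's|^\.|setid: |'
            # World-writable files or directories (symlink modes are ignored)
            find . ! -type l ! -path . -perm -0002 | sed 's|^\.|world-writable: |'
        }
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a staging tree with one finding of each kind.
# Runs in a subshell so the umask change does not leak to the caller.
make_sample_stage() (
    umask 022
    s=$(mktemp -d) || exit 1
    mkdir -p "$s/sw/bin" "$s/sw/share" "$s/etc"
    : > "$s/sw/bin/tool";   chmod 755  "$s/sw/bin/tool"
    : > "$s/sw/bin/helper"; chmod 4755 "$s/sw/bin/helper"   # setuid
    : > "$s/sw/share/data"; chmod 666  "$s/sw/share/data"   # world-writable
    : > "$s/etc/mypackage.conf"                             # outside /sw
    printf '%s\n' "$s"
)

# Stand-alone use: sh audit.sh /tmp/mypackage /sw
if [ "$#" -eq 2 ]; then
    audit_stage "$1" "$2"
fi
```
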

