On Mon, Apr 28, 2008 at 9:19 AM, der Mouse <[EMAIL PROTECTED]> wrote: > > I'm surprised the configury let you select it. > > Oh, I didn't use configure. configure scripts are horrible in two big > respects[%]: (1) something like half of them get at least one thing > wrong in my experience, and it's hell to convince them they're wrong > when they are - I've typically ended up applying private patches after > running configure in those cases; (2) they're a security disaster > waiting to happen (very hard to sandbox, mind-numbing to eyeball-check, > much harder to mechanically check out than the program they're > configuring in almost all cases, which adds up to "perfect trojaning > target").
FWIW this is one reason why I try very hard to regenerate configure scripts and makefiles with autoreconf instead of just trusting whatever megabyte shell script ./configure happens to be in any random tarball. Which was why I was very happy to see configure and Makefile.in disappear from CVS. OTOH, if you're compiling source, are you personally checking each and every line of C code? That, too, could contain trojan horses... (granted, they're more in-your-face there than in some huge shell script nobody really looks at) > [%] I'm not alone in holding this opinion; just today, on another list, > someone said he was "starting to wonder why the Open Source developers > are so enamoured with the use of libtool, automake & autoconf".... Those who do not understand the autotools are doomed to reinvent them :) _______________________________________________ geda-dev mailing list [email protected] http://www.seul.org/cgi-bin/mailman/listinfo/geda-dev
