On Fri, 12 Jan 2007 06:38:23 +0900 Georgi Georgiev <[EMAIL PROTECTED]> wrote: | I agree that if an ebuild wants to misbehave it can and there is no | stopping it. However, code that is executed in pkg_* is generally | restricted to code written by the person who is involved in | maintaining the ebuild. It is easy to read that code and see what it | does. In contrast, the stuff that is run with lowered privileges is | usually coded upstream. I'd like to have that run with lowered | privileges, no matter what.
So you trust upstream to install arbitrary content on your computer, some of which may not be removed even when you uninstall the package, but you don't trust the package to compile with elevated privs, even when a Gentoo developer has carefully checked why userpriv is required? -- Ciaran McCreesh Mail : ciaranm at ciaranm.org Web : http://ciaranm.org/ Paludis, the secure package manager : http://paludis.pioto.org/
signature.asc
Description: PGP signature
