On Fri, 13 Sep 2019 19:44:55 -0400
Michael Orlitzky <[email protected]> wrote:

>  They silently get something less than
> they're expecting. We would be better off telling people to run "go
> whatever" themselves, or by putting this stuff in an overlay where
> expectations are clearly defined.

That suggestion actually decreases security.

Especially if the package in question is intended to be run as root.

At least by using portage, you can side-step the nonsense of "and
here's how you install this in /usr/bin .... curl url | sudo bash -"

And additionally, we get a sandbox and all the features of file
ownership tracking.

And if there is a complaint about the package misbehaving, a bug can be
filed in a common location, and a Gentoo dev can actually fix the
problem, even if upstream have moved on to greener pastures. (This is
the sad state of a lot of older perl stuff these days; they simply
don't work vanilla any more, and Gentoo are putting the patches in to
keep it working.)

So in summary, Portage does a lot more for the end user than "ensure
dynamic linking works".
