On Jun 18, 2010, at 4:44 PM, Dan Ports wrote: > The security implications of installing arbitrary binary packages from > random untrusted users are, uh, very alarming to me. > > Besides, I can't imagine that a shortage of compute power is the > largest obstacle to having binary packages (which I, too, would love to > see in MacPorts.)
I think the Original Vision™ we all had, possibly after too much time spent in front of our Hookahs, was that, at some point, "port install myLittlePonyApp +unicorns +glitter +omg" would talk to a central server and ask if there was a myLittlePonyApp+unicorns+glitter+omg package already built for release X and architecture Y, said information being sniffed from the user's machine as part of the query process, and if so that package would be downloaded and installed to the user's machine without anything needing to be built. If it didn't exist, the server would then attempt to build that package in an appropriate sandbox and send it to the user after being built, the results being cached for future requests. As a final fall-back, the recipe (AKA Portfile + associated metadata) would be downloaded to the user's machine and used to build the bits in the current fashion, from scratch. Of course, this being software, we only implemented the final fallback and ignored the original requirements, generally going "LALALALALALA!" loudly and persistently whenever anyone asked about them. ;-) - Jordan _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
