On Sat, Dec 24, 2011 at 6:08 AM, Sebastian Tennant <seb...@smolny.plus.com> wrote: ... > > More importantly though, running as root introduces a huge security hole and > means that we are relying completely on Zach Beane to vet all the code he > accepts into the Quicklisp distribution. > > I've looked at instructing Quicklisp to simply download libraries, rather than > downloading them and compiling them (see 'install' versus > 'install-and-compile') but a number of important Quicklisp librarieshave to be > compiled at installation time for their dependencies to be correctly handled, > so compilation is a requirement and I don't think this should be done by a > lisp > image running as root! > > Unless you can convince me otherwise, for this reason alone, I will soon be > reintroducing the system user.
Fair enough. You make a good point and I agree with you that a dedicated user account is called for. ... > Alternatively, you could try using the standard github collaboration model[2]. > This is probably best if you're going to get more involved (which I hope you > do). I must confess I'm more familiar with traditional VCS, but let me review the instructions and prepare my forked repositories. > > While we're on the subject of workflow, I propose that we move discussion on > swiqlisp development to github[3] as none of this is Debian specific - > swiQlisp > is the upstream project and at some point one of us should take the lead in > developing a Debian swiqlisp package. Agreed, let's continue the discussion there. -- Paulo _______________________________________________ pkg-common-lisp-devel mailing list pkg-common-lisp-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-common-lisp-devel
