Hi Tom, On Tue, 14 Feb 2023 at 13:27, Tom Rini <[email protected]> wrote: > > On Tue, Feb 14, 2023 at 03:12:46PM -0500, Mike Frysinger wrote: > > On Tue, Feb 14, 2023 at 3:08 PM Tom Rini <[email protected]> wrote: > > > Downloading things from the internet and putting them in to the default > > > PATH always and forever is also kinda not great? > > > > you just described a standard distribution. this is like literally > > how all of them work. not to mention every other language-specific > > distro tool out there (e.g. Python pip, Perl cpan, Go, etc...). > > > > maybe you'd like more guarantees on top (e.g. signature verification) > > which is reasonable. > > > > but to be clear, this script is already merged & in the tree, so your > > feedback doesn't block this patch. > > Yes, exactly. This is a fix on top of what we do today, so it should go > in. But modern distributions only install signed packages, and > language-specific tools tend to be a hive of bad examples. Looking over > binman right now, I see that we're either using apt (and oh, there's > "aot" typo in one spot) or downloading from a known Google drive, for > only a few less common tools. > > So yes, I would like to see some ideas on how to improve things in the > future so we aren't putting the binaries somewhere that's not a default > (or frequently common) PATH location.
Are you thinking they should go in ~/.binman-tools or something like that? Then we would need to tell people to add it to their path. But we could make binman look there automatically. Regards, Simon
