Hi Tom, On Thu, 16 Feb 2023 at 17:19, Tom Rini <[email protected]> wrote: > > On Thu, Feb 16, 2023 at 05:12:33PM -0700, Simon Glass wrote: > > Hi Tom, > > > > On Tue, 14 Feb 2023 at 13:27, Tom Rini <[email protected]> wrote: > > > > > > On Tue, Feb 14, 2023 at 03:12:46PM -0500, Mike Frysinger wrote: > > > > On Tue, Feb 14, 2023 at 3:08 PM Tom Rini <[email protected]> wrote: > > > > > Downloading things from the internet and putting them in to the > > > > > default > > > > > PATH always and forever is also kinda not great? > > > > > > > > you just described a standard distribution. this is like literally > > > > how all of them work. not to mention every other language-specific > > > > distro tool out there (e.g. Python pip, Perl cpan, Go, etc...). > > > > > > > > maybe you'd like more guarantees on top (e.g. signature verification) > > > > which is reasonable. > > > > > > > > but to be clear, this script is already merged & in the tree, so your > > > > feedback doesn't block this patch. > > > > > > Yes, exactly. This is a fix on top of what we do today, so it should go > > > in. But modern distributions only install signed packages, and > > > language-specific tools tend to be a hive of bad examples. Looking over > > > binman right now, I see that we're either using apt (and oh, there's > > > "aot" typo in one spot) or downloading from a known Google drive, for > > > only a few less common tools. > > > > > > So yes, I would like to see some ideas on how to improve things in the > > > future so we aren't putting the binaries somewhere that's not a default > > > (or frequently common) PATH location. > > > > Are you thinking they should go in ~/.binman-tools or something like > > that? Then we would need to tell people to add it to their path. But > > we could make binman look there automatically. > > We should document that it's where we're putting stuff, not so much > "tell" them, unless you mean as a note when downloading. But yes, > ~/.binman-tools sounds reasonable. Maybe a flag to point elsewhere?
OK I will take a look. Regards, Simon
