From: Dario Niedermann on
Jim Diamond <Jim.Diamond(a)deletethis.AcadiaU.ca> wrote:

> As others have pointed out, this would make it more difficult for
> packages to modify directory perms when there is a valid reason to do
> so. It is not clear to me that this is a win-win.

The package installer should never alter permissions on pre-existing
directories, because this could break software that's already installed
and working. Just think of the trainwreck it could potentially cause on
a production system.

>> Scripts are a whole different issue. I don't think there's a realistic
>> way for the package installer to ensure they won't wreak havoc.
>
> So really there is no way for installpkg to guard against broken
> packages, in general.

Scripts should have to be designed (or mis-designed) to cause damage,
though. Which wouldn't be likely if you get them from a reputable
source.


--
> head -n1 /etc/*-{version,release} && uname -moprs
Slackware 12.2.0
Linux 2.6.27.31-smp i686 AMD Turion(tm) 64 Mobile Technology MK-36 GNU/Linux
From: +Alan Hicks+ on
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2010-07-14, Dario Niedermann <M8R-cthw2f(a)spamherelots.com> wrote:
> The point is, what should a well-written package installer do with a
> broken package? Should it happily mess permissions up on system
> directories as installpkg does?

What exactly constituted a broken package? Sure, *you* might not want
/ 700, but some one out there conceivably might. You might not want
/usr/bin set root:bin 750, but some one out there might. pkgtools is a
very flexible set of scripts that does exactly what they are told. That
is a feature, not a bug. If you tell it to do things that you don't
like, then you are at fault, not pkgtools.

In toher words, just because *you* consider a package to be broken
doesn't mean it isn't 100% what some one else intends. Asking pkgtools
to do what you want and not what some one else might want is
narcissistic.

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkw/TMYACgkQDyaEVbMHxsYDrwCgnnUJKgTF/3vksi/NjRmNR92c
uH0AmgNcScATgbUqtxLrDlyYdvmbfNUl
=4+m2
-----END PGP SIGNATURE-----
From: +Alan Hicks+ on
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2010-07-14, Keith Keller <kkeller-usenet(a)wombat.san-francisco.ca.us> wrote:
>> For one thing I'm running 12.2. Secondly, too many bozos
>
> The BOZO list is back!!!!!!!~ Hide the goat!

I seen it too. Hot damn but I picked a good time to return! :^)

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkw/WJAACgkQDyaEVbMHxsaFkACaA3mwlcF44Je+RtU5Wl10D2+T
3k4An3WB33zCkwQnVIHimvqZcgx4Y48x
=oFuJ
-----END PGP SIGNATURE-----
From: William Hunt on
On Thu, 15 Jul 2010, Dario Niedermann wrote:
> Jim Diamond <Jim.Diamond(a)deletethis.AcadiaU.ca> wrote:
[...]
>> So really there is no way for installpkg to guard against broken
>> packages, in general.
>
> Scripts should have to be designed (or mis-designed) to cause damage,
> though. Which wouldn't be likely if you get them from a reputable
> source.

Wouldn't then your complaint be with your reputable source, not installpkg ?


also, besides malicious or 'mis-designed' scripts, there also exist
poorly-implemented scripts and scripts with typographical errors,
as well as Q+D solutions to immediate problems, scripts whose goals
do not include your case. There's a lot of gray area. Deal with it.
There are reasons that third-party packages are third-party, and not
found on slackware.com.

PS. re: your borked third-party package, note that if one correctly
re-built the package, and then re-installed it, it would most likely
fix all of the ownerships, perms, etc, borked on the first install.


--
William Hunt, Portland Oregon USA
From: Dario Niedermann on
Jerry Peters <jerry(a)example.invalid> wrote:

> No, I *have* read the entire thread

If that is the case, your reading comprehension skills really suck.

--
> head -n1 /etc/*-{version,release} && uname -moprs
Slackware 12.2.0
Linux 2.6.27.31-smp i686 AMD Turion(tm) 64 Mobile Technology MK-36 GNU/Linux