Date: Sat, 25 Aug 2012 02:01:48 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Doug Barton <dougb@FreeBSD.org> Cc: ports@FreeBSD.org, Steve Wills <swills@FreeBSD.org>, current@FreeBSD.org Subject: Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap Message-ID: <20120825000148.GF37867@ithaqua.etoilebsd.net> In-Reply-To: <50380269.6020003@FreeBSD.org> References: <97612B57-1255-4BB3-A6D3-FC74324C6D67@FreeBSD.org> <20120824081543.GB2998@ithaqua.etoilebsd.net> <50380269.6020003@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--hK8Uo4Yp55NZU70L
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Aug 24, 2012 at 03:38:33PM -0700, Doug Barton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>=20
> On 8/24/2012 1:15 AM, Baptiste Daroussin wrote:
> > BTW for people who haven't tested and want to share their opinion,
> > here is how work /usr/sbin/pkg:
> >=20
> > it first checks if ${LOCALBASE}/sbin/pkg is there - if yes it
> > directly execute ${LOCALBASE}/sbin/pkg with arguments passed to
> > /usr/sbin/pkg
>=20
> As others have already pointed out, this is a bad idea for a variety
> of reasons, not the least of which is security related. It also
> removes one of the primary benefits of pkg, that it be (fully) hosted
> in the ports tree.
Can anyone give me he details on the security related problem?
Can I also have the details on why it would remove the benefits of being fu=
lly
hosted in the ports, I have no plan to remove it, currently the ports tree =
is
also able to bootstrap itself pkg without needing /usr/sbin/pkg.
the bootstrap tool is currently just a transparent way to bootstrap pkgng, =
it is
not mandatory at all, one can leave without it, and it doesn't prevent pkgn=
g to
fully leave in the ports tree?
What do I miss here?
Once again I'm not opposed at all to remove it in favour of pkg-bootstrap, =
but
it currently seems to lacks a bit of detailed arguments.
> Let me rephrase that more simply ... very few users are ever going to
> need the bootstrapping tool that will be in the base. Making it
> mandatory for *every* user is therefore not only a bad idea, it's
> contrary to one of the primary goals of the project.
>=20
Why would it be mandatory? it is just a transparent kind of helper tool
regards,
Bapt
--hK8Uo4Yp55NZU70L
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlA4FewACgkQ8kTtMUmk6EzFnACgvvOVzgLNzx51yzdtlqvX063X
K6MAni8S6ev9t5CuWLs76Glyk5BiqaPF
=TJIn
-----END PGP SIGNATURE-----
--hK8Uo4Yp55NZU70L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120825000148.GF37867>