Clint, Clint Byrum wrote: > In the upstream default install of rubygems, the default location for > these binaries and rubygems library files is /usr/bin, and /usr/lib > respectively. This places the binaries in the default shell path for most > FHS systems, so that users can have an experience something like this: > > $ sudo gem install rails [... gem downloads and installs rails ... ] > $ rails my-facebook-killer-app/ [... A skeleton of a rails app is > created ... ... I Start hacking on my-facebook-killer-app ...]
My opinion is opposite. I'd like to require users a manual intervention to execute binaries from gems due to security concern. Users might think that gem install something is very similar to apt-get install something. However, Rubygems' security culture differs from Debian's. Signed gems are not popular. Imagine that a gem (located in a server or through network) is attacked to include a malicious executable named 'ls', which then installs in your /usr/local/bin. In addition, I'd like to make room in /usr/local/bin for local installations, such as setup.rb, make && make install etc... I think that I have made success in this point since nobody has ever claimed that /var/lib/gems is in his/her way. > However, this introduced an incompatibility with the FHS definition of > the purpose of /var[1]. I agree with the primary purpose of /var that you mentioned. But I can not find any better place to install gems files with two points above satisfied. Regards, Daigo -- Daigo Moriwaki daigo at debian dot org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
