Russ Allbery wrote:
>Neil Williams <codeh...@debian.org> writes:
>
>> Usable software needs usable tools.
>
>The problem is that this *is* usable for nearly all the people who
>currently use it, who just run one command to install it and have all
>those dependencies pulled from a remote repo for them. Because the
>dependency installation process is so easy, they think no more about
>adding new dependencies than we think about installing some application
>with apt that happens to require a bunch of shared libraries.
>
>In other words, the people developing and using this tool don't see this
>as a problem, and therefore don't care about fixing it.

Depressingly, it seems a lot of the same web typists don't have any
problems with doing the equivalent of
"curl http://some.site/install.sh | sudo bash". That doesn't mean we
have to do the same in Debian.

If there's no sensible way to do controlled web development, let's
just drop this from Debian *now*. We can continue having the
discussion about how to make things better and providing clue to
clueless upstreams, but in the meantime this is a massive security
breach just waiting to happen.

-- 
Steve McIntyre, Cambridge, UK. st...@einval.com
"Further comment on how I feel about IBM will appear once I've worked out
whether they're being malicious or incompetent. Capital letters are forecast."
Matthew Garrett, http://www.livejournal.com/users/mjg59/30675.html