On Fri, Jan 12, 2007 at 06:22:03AM +0000, Ciaran McCreesh wrote:
> On Fri, 12 Jan 2007 06:38:23 +0900 Georgi Georgiev <[EMAIL PROTECTED]>
> wrote:
> | I agree that if an ebuild wants to misbehave it can and there is no
> | stopping it. However, code that is executed in pkg_* is generally
> | restricted to code written by the person who is involved in
> | maintaining the ebuild. It is easy to read that code and see what it
> | does. In contrast, the stuff that is run with lowered privileges is
> | usually coded upstream. I'd like to have that run with lowered
> | privileges, no matter what.
>
> So you trust upstream to install arbitrary content on your computer,
> some of which may not be removed even when you uninstall the package,
> but you don't trust the package to compile with elevated privs, even
> when a Gentoo developer has carefully checked why userpriv is required?
When does upstream get to install arbitrary content on my computer? Upstream's build system gets to write stuff to $D, but not to $ROOT (malice aside). The move to $ROOT, and anything after that, is the ebuild writer's and the package manager's responsibility.

--
gentoo-dev@gentoo.org mailing list