[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
On Fri, Jun 10, 2022 at 08:36:02AM -0400, Greg Troxel wrote:
> > Certainly these packages should not be used on non-NetBSD platforms
> > and they should be tightly restricted with ONLY_FOR_PLATFORM and
> > probably some other checks about what exactly they might be
> > installing to, or overwriting.
> I wouldn't say "NetBSD only" (how do people deal with trust anchors on
> IRIX?) but agreed that they should be careful enough not to do wrong
> things on other platforms.
That's not the source of my objection. mozilla-rootcerts
can be happily used to install trust anchors on anything.
The problem is the packages where installation has side-effects -
we don't know how they might clobber things.
> I am trying to separate:
> - A) package touches things outside of PREFIX so it needs review for
> doing so in a sane way, probably meeting standards of disclosures,
> and no other package is allowed to depend on it. As part of this we
> might require packages like this to be split into the one that
> munges outside, and one that just installs within prefix.
> - B) we have one and people don't like the other one
> To me the second point doesn't fit with pkgsrc, where users having
> choices is normal. And that means "we can't add Y via A because for
> this purpose X is ok" doesn't seem reasonable.
Main Index |
Thread Index |