Computer Old Farts Forum
 help / color / mirror / Atom feed
From: Chet Ramey <chet.ramey@case.edu>
To: Dan Cross <crossd@gmail.com>
Cc: segaloco <segaloco@protonmail.com>, COFF <coff@tuhs.org>
Subject: [COFF] Re: [TUHS] Re: Generational development [was Re: Re: Early GUI on Linux]
Date: Tue, 28 Feb 2023 09:53:44 -0500	[thread overview]
Message-ID: <708986db-d22e-3b1b-7dad-c15025697e42@case.edu> (raw)
In-Reply-To: <CAEoi9W4sq7r_azuNbogDcfDTM2xy7WPnQ6-n+de-b-iCVhHqUg@mail.gmail.com>

On 2/27/23 7:28 PM, Dan Cross wrote:

> Huh? Rustup is the context that this came up in:

I think if you look back in the thread, you'll find that the message from
segaloco was a reply to a message of mine where I criticized the practice
of piping from `wget' to `sh'. That's the context.


>> But just because you don't run `sudo sh' when using
>> `rustup' doesn't mean there aren't a disturbingly large number of
>> installers -- or whatever -- for which that is the recommended workflow.
>>
>> Nor does the fact that `rustup' is a safe example mean that this is a safe
>> practice in general. I posit that it's a bad idea in general to blindly
>> run scripts you download from the Internet, and it's especially bad to
>> do it as root. Depending on how you accept risk, you can choose to do
>> things about it, but that's often not part of recommendations.
> 
> I cannot help but point out that this is moving the goalposts somewhat
> from the specific context that I was responding to. If we're now
> talking about things in general then I agree with you.

We were talking about the general practice before Matt used `rustup' as a
specific example. I'm glad we agree it's a bad idea.


>> In any case, if you want
>> to, you can have a workflow where you rebuild configure yourself.
> 
> This is true, but then there's the autotools source stuff that you've
> got to inspect as well, and on and on.

Sure, there's always a limit to where trust takes over. It's ultimately
who you trust to do the packaging: is it your distro/OS vendor, your
package manager (e.g., macports, homebrew), free software distributors
(e.g., signed tar files from gnu.org), or the authors themselves?

> Or perhaps they just cargo-cult it and don't
> really think about it, which (I think) hews closer to the argument
> that folks here have been making.

That's pretty close to the point I was making originally.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/


  reply	other threads:[~2023-02-28 14:54 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <16241ceb-fe92-7f25-bda0-0b327847728d@case.edu>
     [not found] ` <B7F6403D-E276-490B-AB11-835141F31339@iitbombay.org>
     [not found]   ` <vNaSB1ygm5HY-rV-WScmTmerF0acmZicvrUsW4kpDQ-n0-rpXSNQTh9V6mMHVLEbH6cjpXIQrHM8U4Oc4e6vzzA1sGF2eM9lxXqUbEn2bfc=@protonmail.com>
     [not found]     ` <735c811e-62ce-5384-b83f-a3887baac89d@case.edu>
2023-02-27 21:22       ` Dan Cross
2023-02-27 21:42         ` Chet Ramey
2023-02-27 22:01           ` Dan Cross
2023-02-27 23:23             ` Chet Ramey
2023-02-27 23:42               ` Larry McVoy
2023-02-28  0:29                 ` Dan Cross
2023-02-28  0:28               ` Dan Cross
2023-02-28 14:53                 ` Chet Ramey [this message]
2023-02-28 15:25                   ` Dan Cross
2023-02-28 16:03                     ` Chet Ramey
     [not found]         ` <8A7D978F-88A0-491D-90A3-A1CE843B3698@me.com>
2023-02-27 22:07           ` [COFF] Re: [TUHS] " Dan Cross
     [not found]         ` <CAJXSPs-1-3wrt_suJ9S3u0z_E6qAEpUUZ1Zk2oANXF6NQL9tDg@mail.gmail.com>
2023-02-27 22:17           ` [COFF] Re: [TUHS] " Dan Cross
2023-02-27 23:20             ` Stuff Received
     [not found] <58626A0B-EF9C-4920-8E20-CE0C4210BA6A@planet.nl>
     [not found] ` <Y/rGop0y22X9Dcxd@mit.edu>
     [not found]   ` <A3308FD9-F130-48BA-903A-4F7AA6CF2CC3@planet.nl>
     [not found]     ` <202302272004.31RK4aGG001510@freefriends.org>
     [not found]       ` <2f6faeb4-5e73-cf18-b0ff-edc3e1658f72@case.edu>
     [not found]         ` <202302272022.31RKMG2L004091@freefriends.org>
     [not found]           ` <CqEehkxsT6R2Pn65gn4t2uSN_AvnhjMP8HQDdZDPazLs9B4gZQ3R7BCd0Ko4EzbTwIm3n9FfTuaf1xBZKeEmwPoTutaIFv9juCO_3HoG5vg=@protonmail.com>
2023-02-27 21:04             ` Dan Cross

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=708986db-d22e-3b1b-7dad-c15025697e42@case.edu \
    --to=chet.ramey@case.edu \
    --cc=coff@tuhs.org \
    --cc=crossd@gmail.com \
    --cc=segaloco@protonmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).