From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 9368 invoked from network); 28 Feb 2023 14:54:01 -0000 Received: from minnie.tuhs.org (50.116.15.146) by inbox.vuxu.org with ESMTPUTF8; 28 Feb 2023 14:54:01 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id 4D3D642258; Wed, 1 Mar 2023 00:53:58 +1000 (AEST) Received: from mpv-out-ksl-1.case.edu (mpv-out-ksl-1.CWRU.Edu [129.22.103.228]) by minnie.tuhs.org (Postfix) with ESMTPS id 5089142245 for ; Wed, 1 Mar 2023 00:53:49 +1000 (AEST) Received: from mpv-local-ksl-1.CWRU.Edu (EHLO mpv-local-ksl-1.case.edu) ([129.22.103.235]) by mpv-out-ksl-1.case.edu (MOS 4.4.8-GA FastPath queued) with ESMTP id AKP48385; Tue, 28 Feb 2023 09:53:48 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1677596028; bh=mYBKG0KqMdj5e/Q6fiKK9sj5cstANbZkZVHW+/z8C9k=; l=2120; h=Message-ID:Date:MIME-Version:Reply-To:Cc:Subject:To:References: From:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=Uap/UXI+g0xz94rSrHvScBSj1iuO/bb9ktK3UYhBYtbc5fiyxTepPSxeLolpeVcyTM nQWn9tY+8ruBY/No+M12/hU/wOxd8S/6iTfryWkhdnGi+S2ACSezVUVo2ts0WPfKk57 Omo1Il0NpWaNGLdoQEmMVmerTPdEz6zBq+Vmvq0rex28FXJlJ9zW1NCFjIEVBT4qveV 8ZfXL+1w+WrYBm12YMtLf5UArwdEOUVdEJPgd0np7I42POaKwbWGgl+9bOhtPwJSbkQ oMWy1s6LTzhXcX2pZeJ1L15e2JvAzVpBrln64BHPlUuGh8KKeMjtoewFDd48IR3pw6N imlpAzyQ== Received: from mail-qk1-f198.google.com (EHLO mail-qk1-f198.google.com) ([209.85.222.198]) by mpv-local-ksl-1.case.edu (MOS 4.4.8-GA FastPath queued) with ESMTP id BAH69812; Tue, 28 Feb 2023 09:53:47 -0500 (EST) Received: by mail-qk1-f198.google.com with SMTP id ou5-20020a05620a620500b007423e532628so6091440qkn.5 for ; Tue, 28 Feb 2023 06:53:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=g-case; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:cc:reply-to:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=mYBKG0KqMdj5e/Q6fiKK9sj5cstANbZkZVHW+/z8C9k=; b=NmcQ9438EGiHPbz4ubeAV3UswXPSLayyduhn8lCw+4LCakbJ0zOpnRZavWqx7ctZze vBkQ4v9AveVpM53nEnYhlAOULJuGOUpH2sPgvsE0Lkn7/PpWkXMm+sCBSUodtbsrwg32 cZfnn1sUqqwpWPkPHDkTTr1QgYNubTQc91r0bJt+3ZPoHziXqcg/IhRQm5ClLNom8Pee ivAqWyn07d+He5ZN568AQ1vzqhnPPfXtPWZJjFYNEGSQsHHgVGkBLRGDAUldcd5JLLXl PWewH5cuIDDcG0AIfJRHufIqYtuMXbXdddODvhySTLb3zIWA6X1DdDNWer2U4kPghRb9 0tKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:cc:reply-to:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mYBKG0KqMdj5e/Q6fiKK9sj5cstANbZkZVHW+/z8C9k=; b=LL8/Xk0EsGBZwXV0BpTpliFAuGBcB4ccJQHO2YmiouUry+XIGhy0u1+zrr6IQPiHMk gSSM+nXL04uID2q0qhH6mM1X+nont7ft9cLJjBPzxhgx2J1s/jDbwllipOdKKyUeFPvT M8xL86ysMgqglYBmt+xwOZnSQdIsXKW7PadYQ3ChL7ZsRfZO3ICpoceEC2PVnqmtqDiT TauMm1/WCh/MbveqS8Y4z2+HYMVYoqsmxH4UsC8ByVDxwWMP2bgnJxMdCqX12ksSH8b4 QFfiequ5K7Tf/dp9Q+LuAc7ozA2uwBINul2g1zMRZwS248vlazemoAm5hZJIQlF5swED itfA== X-Gm-Message-State: AO0yUKVJG4YivJnqPb6zEe7Xq5nxwI78jGrPOTBKCMKnr2y/z6u6vPAf Ns6bO9UfMRjIDD0UVs6i2RCcTVFTkFlEuNyPd+AEpjZR1LDNkuwvMnLUQJ+JKJFgrbPjE1aSDhV 80Zkq43qUiqei X-Received: by 2002:a05:6214:2429:b0:56e:b16d:de64 with SMTP id gy9-20020a056214242900b0056eb16dde64mr6110111qvb.49.1677596026672; Tue, 28 Feb 2023 06:53:46 -0800 (PST) X-Google-Smtp-Source: AK7set8u+/uxD3Q9LhcueaYTyFjMG4KiJVBU7z4VQZHON+uC5fximMMITSFzcekZBqlgmwp15jrOHA== X-Received: by 2002:a05:6214:2429:b0:56e:b16d:de64 with SMTP id gy9-20020a056214242900b0056eb16dde64mr6110071qvb.49.1677596026338; Tue, 28 Feb 2023 06:53:46 -0800 (PST) Received: from [129.22.8.211] (caleb.INS.CWRU.Edu. [129.22.8.211]) by smtp.gmail.com with ESMTPSA id v23-20020a05620a091700b007423c78b004sm6906145qkv.9.2023.02.28.06.53.45 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 28 Feb 2023 06:53:46 -0800 (PST) Message-ID: <708986db-d22e-3b1b-7dad-c15025697e42@case.edu> Date: Tue, 28 Feb 2023 09:53:44 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US To: Dan Cross References: <16241ceb-fe92-7f25-bda0-0b327847728d@case.edu> <735c811e-62ce-5384-b83f-a3887baac89d@case.edu> <5a7aa991-7656-3faf-b34a-d613736716fd@case.edu> From: Chet Ramey In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Mirapoint-IP-Reputation: reputation=Good-1, source=Queried, refid=tid=0001.0A742F90.63FE1207.0063, actions=tag X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A742F26.63FE157B.0030,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, ip=0.0.0.0, so=2016-11-06 16:00:04, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 15043b1d8c18e06e894b0927b34e80e1 X-Mirapoint-IP-Reputation: reputation=good-1, source=Fixed, refid=n/a, actions=tag X-Junkmail-Status: score=8/90, host=mpv-out-ksl-1.case.edu X-Junkmail-PrAS-Raw: score=8/90, refid=2.7.2:2023.2.28.142725:17:8.707, ip=, rules=__YOUTUBE_RCVD, DKIM_SIGNATURE, __X_GOOGLE_DKIM_SIGNATURE, __X_GM_MESSAGE_STATE, __X_GOOGLE_SMTP_SOURCE, __HAS_MSGID, __SANE_MSGID, __MSGID_HEX_844412, DATE_TZ_NA, __MIME_VERSION, __USER_AGENT, __MOZILLA_USER_AGENT, __HAS_REPLYTO, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __TO_MALFORMED_2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __TO_GMAIL, __HAS_REFERENCES, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, CTE_7BIT, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC2, __RCPT_DOMAIN_NOT_TO, __REPLYTO_SAMEAS_FROM_DOMAIN, __DKIM_ALIGNS_1, __DKIM_ALIGNS_2, __FUR_HEADER, __ANY_URI, __URI_MAILTO, __URI_WITH_PATH, __URI_ENDS_IN_SLASH, __URI_NO_WWW, __CP_URI_IN_BODY, __SUBJ_ALPHA_NEGATE, __COURIER_PHRASE, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138 Message-ID-Hash: FF3CEJWWL3DMEZYA47UUKWNLDZPI22KC X-Message-ID-Hash: FF3CEJWWL3DMEZYA47UUKWNLDZPI22KC X-MailFrom: chet.ramey@case.edu X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: segaloco , COFF X-Mailman-Version: 3.3.6b1 Precedence: list Reply-To: chet.ramey@case.edu Subject: [COFF] Re: [TUHS] Re: Generational development [was Re: Re: Early GUI on Linux] List-Id: Computer Old Farts Forum Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 2/27/23 7:28 PM, Dan Cross wrote: > Huh? Rustup is the context that this came up in: I think if you look back in the thread, you'll find that the message from segaloco was a reply to a message of mine where I criticized the practice of piping from `wget' to `sh'. That's the context. >> But just because you don't run `sudo sh' when using >> `rustup' doesn't mean there aren't a disturbingly large number of >> installers -- or whatever -- for which that is the recommended workflow. >> >> Nor does the fact that `rustup' is a safe example mean that this is a safe >> practice in general. I posit that it's a bad idea in general to blindly >> run scripts you download from the Internet, and it's especially bad to >> do it as root. Depending on how you accept risk, you can choose to do >> things about it, but that's often not part of recommendations. > > I cannot help but point out that this is moving the goalposts somewhat > from the specific context that I was responding to. If we're now > talking about things in general then I agree with you. We were talking about the general practice before Matt used `rustup' as a specific example. I'm glad we agree it's a bad idea. >> In any case, if you want >> to, you can have a workflow where you rebuild configure yourself. > > This is true, but then there's the autotools source stuff that you've > got to inspect as well, and on and on. Sure, there's always a limit to where trust takes over. It's ultimately who you trust to do the packaging: is it your distro/OS vendor, your package manager (e.g., macports, homebrew), free software distributors (e.g., signed tar files from gnu.org), or the authors themselves? > Or perhaps they just cargo-cult it and don't > really think about it, which (I think) hews closer to the argument > that folks here have been making. That's pretty close to the point I was making originally. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/