From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-we0-f171.google.com (mail-we0-f171.google.com [74.125.82.171]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTP id 7329853c; for ; Tue, 20 Jan 2015 10:15:07 -0500 (EST) Received: by mail-we0-f171.google.com with SMTP id u56so38124852wes.2 for ; Tue, 20 Jan 2015 07:15:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=4sfMntMvjNd7RMIbPwZKCVmKUW382vwCIMPOi6EqyL4=; b=vIlGN3BVr37AUd3064mHLIoYu9zgHnijJL1jpHBNfIiZXEkUVLFGpNRbz5UzXoOdMf Oqm6P+3s8F+qLzfgY9zRlYTeURsW86OOz5mR07l0Lzstq2TTcYUZ8JKTRNaxHB2NtlMC 7VX2lbGWBTpdUecCFL83ZXX2uZwydSidkRt8IRf1Mkxf9wldh99eBixCTCUTZ7IFHD9C 6sGbQl1mIHwSlztV2XOXRlgcByv4KT65/a1Z/MZlwBGOiKJEieL9xJ3hkPeNMSLLi6h4 hw7ttIwykR3usVgWpZ9wkY6yHfyGOMNk+gmrHxzyeXeLZvxYIrLPaiAN99xV/tcnxqV4 oklQ== X-Received: by 10.180.104.9 with SMTP id ga9mr48339704wib.9.1421766904987; Tue, 20 Jan 2015 07:15:04 -0800 (PST) Received: from kei (cable-82-119-7-175.cust.telecolumbus.net. [82.119.7.175]) by mx.google.com with ESMTPSA id d7sm9356615wjs.2.2015.01.20.07.15.03 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Jan 2015 07:15:04 -0800 (PST) Date: Tue, 20 Jan 2015 16:15:01 +0100 From: Alexis To: Ingo Schwarze , Kristaps Dzonsons Cc: tech@mdocml.bsd.lv Subject: Re: Allow configure variables to be set from environment Message-ID: <20150120151501.GA97151@kei> References: <20150116215840.GF740@kei.fritz.box> <20150117010706.GH9772@iris.usta.de> <54BAC1A2.2060907@bsd.lv> <20150118033335.GA16562@iris.usta.de> X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150118033335.GA16562@iris.usta.de> User-Agent: Mutt/1.5.23 (2014-03-12) Hi Ingo, hi Kristaps, first off thank you very much for the insightful responses. As for the fragmentation of OS X package managers you might be "delighted" to hear that there's also Nixpkgs ;) http://nixos.org/nixpkgs/ > > but it should be done right. Doing a naive installation isn't enough. I'm all up for it. > I'd thoroughly hate that. If you do that, i will remove all reference > to your port from the homepage, and if need be, publish a statement > that you deliberately patch vulnerabilities into software you are > porting, urging people to not use your work. Understood, I won't do that and patching software is gravely frowned upon in Homebrew. > > (By the way, did you plan on cron'ing makewhatis(8) or anything?) I haven't up until now. I would need to find out how Mac OS X updates its manpages, probably via a LaunchDaemon / LaunchAgent. > Oh wait a minute. I think i see a solution. If we specifically > allow mandoc to follow symlinks only into the homebrew tree, but > nowhere else, that seems safe. It's a bit tricky to avoid race > conditions, but i think there is a secure way to implement it. Is > there are standardized place where homebrew installs its real files, > and where nobody in their right mind would ever put any confidential > data? Maybe /Cellar? Is that right? Homebrew may be installed wherever a user desires (though /usr/local is recommended) ranging from /opt/homebrew to $HOME/.brew. Because of this Homebrew can also be installed and used without sudo if the file permissions (e.g. homebrew group with write access) are set up accordingly. Is it possible to to add a configure.local variable so that the suite of mdocml tools are compiled specifically for the user's setup, i.e. make the suggested "/Cellar" customizable? > > Essentially, the question is whether you want mandoc as a > > constellation of tools (a man replacement) with security tools > > or a developer tool. I'd be okay with it, mandoc -Tlint has already been very helpful for me! > True, but the above might be a solution. If we manage to support > that, it would actually be a safe man(1) for homebrew, much safer > than the traditional BSD or man-db implementations. This sounds even better. Best, Alexis -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv