From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from scc-mailout-kit-02.scc.kit.edu (scc-mailout-kit-02.scc.kit.edu [129.13.231.82]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTP id f416b9ad; for ; Wed, 21 Jan 2015 19:35:59 -0500 (EST) Received: from asta-nat.asta.uni-karlsruhe.de ([172.22.63.82] helo=hekate.usta.de) by scc-mailout-kit-02.scc.kit.edu with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (envelope-from ) id 1YE5kb-0001x5-Jv; Thu, 22 Jan 2015 01:35:58 +0100 Received: from donnerwolke.usta.de ([172.24.96.3]) by hekate.usta.de with esmtp (Exim 4.77) (envelope-from ) id 1YE5kb-0001Bh-CA; Thu, 22 Jan 2015 01:35:57 +0100 Received: from iris.usta.de ([172.24.96.5] helo=usta.de) by donnerwolke.usta.de with esmtp (Exim 4.80) (envelope-from ) id 1YE5kb-0004H4-8D; Thu, 22 Jan 2015 01:35:57 +0100 Received: from schwarze by usta.de with local (Exim 4.77) (envelope-from ) id 1YE5ka-0000wQ-Vk; Thu, 22 Jan 2015 01:35:57 +0100 Date: Thu, 22 Jan 2015 01:35:56 +0100 From: Ingo Schwarze To: Kristaps Dzonsons Cc: Alexis , tech@mdocml.bsd.lv Subject: Re: Allow configure variables to be set from environment Message-ID: <20150122003556.GJ11796@iris.usta.de> References: <20150116215840.GF740@kei.fritz.box> <20150117010706.GH9772@iris.usta.de> <54BAC1A2.2060907@bsd.lv> <20150118033335.GA16562@iris.usta.de> <20150120151501.GA97151@kei> <20150121230518.GF11796@iris.usta.de> <54C042A0.6080806@bsd.lv> X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <54C042A0.6080806@bsd.lv> User-Agent: Mutt/1.5.21 (2010-09-15) Hi Kristaps, Kristaps Dzonsons wrote on Thu, Jan 22, 2015 at 01:21:52AM +0100: > I think this is a bad idea: there shouldn't be conditionals in the > code for every half-baked package manager out there, Right now, it doesn't seem execessive to me: It's two places, two lines each. There is stuff that causes more pain, for example the many lines "#if HAVE_SQLITE3" in main.c. > especially when they introduce security holes. Well, the way i did it does not cause security holes. > If there are other "linking" systems out there, then something like > this might be useful. But right now, homebrew is alone. > > Alexis, you said that the homebrew folks don't like patching > software. But there must be a facility to do so, no? > Shouldn't this patch be there, and not upstream? I'm not quite sure that is better. If we have the patch in our tree, the risk that future code changes turn the patch into something that actually *does* become a security risk seems lower. Also note that mdocml.bsd.lv *is* the portable version of mandoc, so in the way, it is the right place to maintain such code - as long as it doesn't grow out of hand and obscure the code. You can be assured that i won't add such patches to the master copy at cvs.openbsd.org... ;-) Yours, Ingo -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv