
Re: New package management




On 23-Sep-99 Steve Baker wrote:
> Erik wrote:
>> 
>> > BAD (but typical) STORY:
> 
>> almost sounds like an argument against using libraries :) hehehe
> 
> And that truly, honestly does happen. MANY people (myself
> included) would rather write a whole bunch of new code
> from scratch than drag in another library dependency.
> 
> My game relies on three libraries: PLIB (which is my own
> and doesn't count), GLUT and Mesa.
> 

plib is why I haven't tried tux yet (even though I've installed plib, go figure)

> About 80% of my support email comes from people who don't
> have one or other of those installed properly or at the
> correct location or some crap like that.
> 

that's the nature of support. Try following the gnome lists sometime... :)

>> I dunno if I like the sound of that :/ My computer taking off and downloading
>> and installing stuff without me at the helm sounds frightening.
> 
> Well, yes - but John Q Public won't be so nervous about it.
> 

mebbe john q public should be?

> After all, you are downloading a game from God-knows-who and
> probably doing the "make install" as root.  You have already
> given someone who is perhaps not trustworthy the ability to
> do terrible things to you.
> 

true

> I guess the download process could stop and ask "Do you really
> want to install Clanlib from http://<whatever>.html?"
> 
>> Especially
>> considering these different packages would be gotten from
>> different places, and the level of trust is unknown of
>> these sites.
> 
> But you need to trust those sites anyway in the end.  How
> do you evaluate a "trusted" site?  Because it has a cool
> game on it?
> 

I generally prefer reputable sites, but I'd be naive to expect all 'trusted'
sites to be inherently better than 'unknown' sites. Audits would need to be
run by people who are very trustworthy.

>> This'd need to be run as root,
>> and if one of those many many sites were violated or something unexpected
>> happened, this could prove detrimental to the machine.
> 
> Do you inspect the innards of all those Makefile's before you
> run 'make install' as root?   It has exactly the same power
> to turn to the dark side.
> 

damn straight, and I scour the source code, compile it, disassemble it, and
scour the asm :) hehehehe, ok, so I blindly assume it's non-malicious

>> Also, what happens if clanlib says "needs hermes > xx" but hermes gets
>> another release that breaks some stuff? then this script fails horribly,
>> and the user thinks linux just doesn't have its shit together cuz of it
> 
> Well, true.  But again, the manual process suffers those exact
> same problems.
>  
> <sigh>  I understand your concerns - and share them to some
> degree.  It's frightening the number of packages I have downloaded
> from people I don't know from Adam, blindly installed them and
> thought nothing of it.
> 
> All I know is that from the mail I get, something BADLY needs
> to be done.
> 
> The process I describe would work because:
> 
>   * I trust the Pingus site (I have to because I'm going
>     to run their code without checking it for Trojan horses
>     under my own user ID - and possibly I'll run 'make install'
>     as root).
> 
>   * Because the "pingus.autoweb" file is trusted, I have to
>     accept that the authors of Pingus are not doing something
>     nasty to me by recommending ClanLib as a trusted site.
> 
>   * By implication, I trust Clanlib because they are trusted
>     by Pingus - whom I trust.
> 
>   * Hence by a chain of trusted people, we arrive at the final
>     process.
> 

if every developer audited every package to satisfaction, and all end packages
were audited to satisfaction, this would be reasonable. The problem is, when I
write a game, I don't audit the library very well; I kind of cross my fingers
and hope that the ppl making it are good guys.

> Installing any kind of binary or even source package from the
> web is an incredibly risky thing to do. I don't see that my
> proposal really makes things that much worse.
> 

Maybe if these things were accessed from a central resource and only packages
properly audited were added to this central resource, then that would add a
little safety?

most of your argument security-wise seems to be "it's so bad right now, this
won't make it much worse". I don't think that's a very good ideal to aspire to,
it's very microsoftian, imho :) I do a lot of security no-nos, I run way too
much stuff as root, I don't audit packages or even check audits. I'm no example
of how it should be, but, well, I like to stand around and say how it should be
:) I can be quite useless like that. I think we should keep the ideal in mind,
even if we don't exercise it, even if we can't make it happen overnight.
(that's why it's an ideal, not fact, right?)

> --
> Steve Baker                (817)619-2657 (Vox/Vox-Mail)
> Raytheon Systems Inc.      (817)619-2466 (Fax)
> Work: sjbaker@hti.com      http://www.hti.com
> Home: sjbaker1@airmail.net http://web2.airmail.net/sjbaker1
> 

        -Erik <br0ke@math.smsu.edu> [http://math.smsu.edu/~br0ke]

The opinions expressed by me are not necessarily opinions. In all
probability, they are random rambling, and to be ignored. Failure to ignore
may result in severe boredom or confusion. Shake well before opening. Keep
Refrigerated.
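
[Editor's added example. The following is not code from this thread, nor from
Pingus, ClanLib or Hermes. It is a toy resolver written to illustrate two points
argued above: Steve's chain of trust (I trust Pingus, Pingus's "autoweb" file
vouches for ClanLib, ClanLib vouches for Hermes) with his "Do you really want
to install Clanlib from ...?" prompt, and Erik's "needs hermes > xx" breakage
when Hermes ships a new release. The manifest layout, the site URLs, the
version numbers, the digests and the artifact bytes are all made up so that it
runs offline; a real tool would fetch the manifests and tarballs instead. The
one thing it adds beyond the thread's own text is a per-dependency digest that
the recommending site can pin, so a site that is later violated, as Erik
worries, is caught rather than trusted by implication.]

```python
"""Toy resolver for the 'autoweb' trust-chain proposal in the thread above.

Added example, not Pingus/ClanLib/Hermes code. The manifest format, site
URLs, version numbers and digests are all assumptions, and "downloads" are
embedded bytes so that it runs offline.
"""
import hashlib
from typing import Callable, Optional

# Constructed stand-in for what fetching each release would return.
ARTIFACTS = {
    ("pingus", "0.4"): b"pingus-0.4 source tarball (constructed)",
    ("clanlib", "0.4"): b"clanlib-0.4 source tarball (constructed)",
    ("hermes", "2.0"): b"hermes-2.0 source tarball (constructed)",
}

# What each site publishes: current version, location, and the dependency
# lines of its hypothetical .autoweb file as (name, op, version, sha256-or-None).
MANIFESTS = {
    "pingus": {"site": "https://pingus.example/", "version": "0.4",
               "deps": [("clanlib", ">=", "0.3", None)]},
    # "needs hermes > 1.0" is open-ended: a breaking hermes 2.0 still matches.
    "clanlib": {"site": "https://clanlib.example/", "version": "0.4",
                "deps": [("hermes", ">", "1.0", None)]},
    "hermes": {"site": "https://hermes.example/", "version": "2.0", "deps": []},
}


class RefusedInstall(Exception):
    """Raised when the resolver would otherwise have to act on blind trust."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def satisfies(have: str, op: str, want: str) -> bool:
    """Dotted-numeric version comparison, e.g. satisfies("2.0", ">", "1.0")."""
    a = tuple(int(x) for x in have.split("."))
    b = tuple(int(x) for x in want.split("."))
    return {"==": a == b, ">": a > b, ">=": a >= b, "<": a < b}[op]


def with_deps(manifests: dict, name: str, deps: list) -> dict:
    """Copy of `manifests` with one package's dependency lines replaced."""
    copied = {k: dict(v) for k, v in manifests.items()}
    copied[name]["deps"] = list(deps)
    return copied


def resolve(root: str, trusted: set, ask: Callable[[str, str, Optional[str]], bool],
            manifests: dict = MANIFESTS, artifacts: dict = ARTIFACTS) -> list:
    """Walk the dependency chain from `root` and return an install plan.

    `trusted` holds the sites the user trusts directly. Every other site is
    reached only by implication (Pingus vouches for ClanLib, ClanLib for
    Hermes). Instead of extending that trust silently, the resolver stops
    and calls ask(package, site, vouched_by); answering False aborts the run.
    A dependency line may also carry the sha256 the recommender saw, which
    catches a site that has since been compromised or replaced.
    """
    plan, seen = [], set()

    def visit(name: str, vouched_by: Optional[str], constraint=None):
        if name in seen:
            return
        seen.add(name)
        m = manifests[name]
        site, version = m["site"], m["version"]
        if constraint is not None:
            op, want, _ = constraint
            if not satisfies(version, op, want):
                raise RefusedInstall(f"{name} {version} does not satisfy {op} {want}")
        if site not in trusted and not ask(name, site, vouched_by):
            raise RefusedInstall(f"user declined {name} from {site}")
        data = artifacts[(name, version)]           # the "download"
        expected = constraint[2] if constraint else None
        if expected is not None and sha256(data) != expected:
            raise RefusedInstall(f"{name} {version} from {site}: digest mismatch")
        for dep_name, op, want, digest in m["deps"]:
            visit(dep_name, name, (op, want, digest))
        # post-order: dependencies land before the package that needs them
        plan.append({"name": name, "version": version, "site": site,
                     "vouched_by": vouched_by})

    visit(root, None)
    return plan


if __name__ == "__main__":
    def prompt(name, site, vouched_by):
        print(f"Do you really want to install {name} from {site} "
              f"(recommended by {vouched_by})? [y/N] ", end="")
        return input().strip().lower() == "y"

    try:
        for step in resolve("pingus", {"https://pingus.example/"}, prompt):
            print(f"install {step['name']}-{step['version']} from {step['site']}")
    except RefusedInstall as e:
        print("aborted:", e)
```

Run stand-alone it walks pingus -> clanlib -> hermes, prompting once per site
that is only trusted by implication, and prints the install order (hermes
first). Note what the open-ended "> 1.0" line does: the constructed Hermes site
now serves 2.0 and the resolver accepts it, which is exactly the breakage Erik
describes; pinning the line to "== 1.2" makes the same run refuse instead of
failing horribly mid-install, and adding the recommender's digest makes a
swapped tarball refuse as well.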