Hi Gerrit and Faheem, Gerrit Pape wrote: > Faheem Mitha wrote: >> On Fri, 30 Apr 2010, Gerrit Pape wrote:
>>> For every software project, >>> 'make' should run with as less permissions as possible (ideally in a >>> sandbox ;), and root permissions should only be used where really >>> required (usually 'make install'). My suggestion would be to make this >>> report wishlist, wontfix. I disagree with the conclusion. Why not make it a little easier to build git however a person is used to building packages, especially since - the appropriate patches are already written - it would reduce noise on the git mailing list :) - everyone asking about this has been doing it in a sandbox, so although I would generally not like the opportunity to break people’s machines with an overprivileged test gone mad, in practice this is not usually about running that risk - if git misbehaves when run as root and we catch such a bug this way, that would be great I am also not convinced disallowing builds by root is allowed by Debian policy (though arguably the lack of clarity there is more of a bug in policy). >>> Has upstream already commented on this? See the “forwarded” thread and linked-to messages. Common themes: - running tests as root is insane - tests ought to have appropriate prerequisites to succeed when run as root anyway Junio proposed a patch for this once, but it evaporated because people couldn’t agree on how to teach the test harness to allow tests with multiple prerequisites. He has been on a pseudo-vacation for this week. No comments from the mailing list on this round except to say that “,” might be a better delimiter for test prerequisite lists (which makes sense, so I may add a patch for that on top next week). >> I think Debian packages are supposed to build using >> >> debuild binary > > I don't know debuild, but if it runs the build targets with fakeroot by > default, I'd say that is a bug in debuild. “debuild binary” is implemented as shorthand for “fakeroot debian/rules binary”. I think the intended result is better implemented by “debuild -b”, but also think --- _if_ it works and does not risk breaking something else --- that it is worth changing the tests to make the former work, too. Jonathan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
