On 2015-11-27 10:24, Ola Fosheim Grøstad wrote:
> Well, I usually don't use package managers for source code, but if I did
> I would not consider using one that can write to random directories.
> So if one uses Ruby, Python or D, the package manager has to make sure
> it executes in a "jail filesystem sandbox" that only can touch a
> specific subtree.

RubyGems works like this:

1. The author of a tool writes the package description in Ruby
2. The author then builds a gem (package) using the tool
3. The tool serializes/converts the Ruby code to YAML in the gem
4. The author uploads the gem using the tool

Then when a gem is installed, the tool will only have access to the YAML
file and reads that. The only one that has access to and needs to run
the Ruby code is the author.

--
/Jacob Carlborg
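
The build/install split described in the message above, as an added example that is not part of the original post or RubyGems' own code. The gem name, the `$gemspec_evaluations` counter and the helper names are hypothetical; the sketch relies on `Gem::Specification#to_yaml` and `Gem::Specification.from_yaml`.

```ruby
require "rubygems"

# Constructed gemspec source: ordinary Ruby, so it can run arbitrary code.
# The side effect here is harmless: it records that the file was evaluated.
GEMSPEC_SOURCE = <<~'RUBY'
  $gemspec_evaluations += 1
  Gem::Specification.new do |s|
    s.name    = "example-tool"          # hypothetical gem name
    s.version = "0.1.0"
    s.summary = "Constructed example"
    s.authors = ["Example Author"]
    s.files   = ["lib/example_tool.rb"]
  end
RUBY

# Author side (steps 1-3): evaluate the Ruby description, emit YAML metadata.
def author_build_metadata(source)
  spec = eval(source, TOPLEVEL_BINDING, "example-tool.gemspec")
  spec.to_yaml
end

# Install side: parse the YAML metadata only; the Ruby source is never seen.
def installer_read_metadata(yaml)
  Gem::Specification.from_yaml(yaml)
end

# Runs both sides and reports how often the gemspec Ruby code executed.
def demo
  $gemspec_evaluations = 0
  yaml = author_build_metadata(GEMSPEC_SOURCE)
  runs_after_build = $gemspec_evaluations
  spec = installer_read_metadata(yaml)
  {
    yaml: yaml,
    name: spec.name,
    version: spec.version.to_s,
    runs_after_build: runs_after_build,
    runs_after_install: $gemspec_evaluations,
  }
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts result[:yaml]
  puts "gemspec evaluated #{result[:runs_after_install]} time(s), all on the author side"
end
```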