Rich McAllister wrote: > Dave Miner wrote: > >> And actually, the more I think about this, the more I think that if we >> do go forward with some form of this proposal, there might be an >> argument to allow administrators to disable it either per-user or >> globally. > > Disable *what*? The most dangerous thing it's doing is copying files. > It's not like pkgadd is the *only* way to put executables on to a disk. >
Gee, I thought there was something in there about running scripts, too. The universe of interesting packages doesn't consist of only copying files. > If we lard the modified package tools up with checks like this, we run > the risk of losing the entire benefit of the change. The application > builders want to be sure their applications can install without special > administrator intervention. If the package tools don't do that, they'll > just stick with their current tarball approach. > And some administrators, at least, want to be able to control what their users can do. Some of 'em probably take away access to tar and cpio, when they've seriously drunk the minimization koolaid, so no application vendor can ever assume that the whole possible range of users will be able to install the software without administrative intervention. We can certainly discuss which way should be the default, I'd probably agree that allowing UBI should be the default. However, I don't buy that the default is a significant factor in whether they'll use it or not: we can sell packages as a structured distribution mechanism that integrates well with the system and (hopefully someday) will be as easy to construct as a tarball plus a custom script. Promising more than that seems unnecessary; in any event, we can't just say we'll enable users to do whatever they want without considering the administrative point of view, and that's what I think is missing in this proposal, as my prior comments should have made clear. Dave
