No, it wasn't a security concern, but more a question of whether a language package manager is the right way to install programs as well. Seems like people think it's an ok idea.
On Mon, Jun 9, 2014 at 11:07 AM, Samuel Colvin <[email protected]> wrote: > From a security point of view, my understanding is we're "hanging out to > dry" anyway: a package can run a build script that could in theory do > virtually anything the user could. > > If we accept that the of scripts you can choose to call doesn't seem that > much more dangerous. > > Was security the reason for it not being a good idea? > > > On Monday, 9 June 2014 15:14:47 UTC+1, Kevin Squire wrote: > >> I've found it useful. I've often installed python packages simply for >> the scripts they include, and it's convenient that they are accessible >> immediately from the command line. >> >> In contrast, the R packages I've used rarely provide self-contained >> scripts, and I've found it frustrating to download an R package and have to >> load up R and execute a series of commands that (in my opinion) would have >> more naturally been executed as a script (with command line arguments, >> etc.). >> >> Cheers, >> Kevin >> >> >> On Mon, Jun 9, 2014 at 7:04 AM, Stefan Karpinski <[email protected]> >> wrote: >> >>> My question is if this is a good idea or not. I'm not really sure. >>> >>> >>> On Mon, Jun 9, 2014 at 5:57 AM, Samuel Colvin <[email protected]> wrote: >>> >>>> In python pip packages you can declare "bin" scripts which become >>>> available in path to execute. It's a simple feature but it allows you to >>>> use the system to distribute simple "programs" as well as libraries. >>>> >>>> I can see there's no obvious way of providing the same functionality in >>>> julia, but if I did have a package with a script that people might want to >>>> execute, how would I proceed? >>>> >>>> Is there any plan for an optional directory in packages which would be >>>> added to PATH? >>>> >>>> Perhaps the best approach for now is just to give some direction in the >>>> README, eg.: >>>> >>>> "just run `cp ~/.julia/v0.3/packname/script.jl .` to copy the script >>>> to the local directory and run it from there." ??? >>>> >>> >>> >>
