On Mon, Apr 2, 2012 at 5:23 AM, Dave Page <dp...@pgadmin.org> wrote: > If homebrew intentionally creates a hole like that, then for as long > as I'm one of the PostgreSQL webmasters it will *never* be listed on > our download pages.
I think that's a bit harsh. It's not as if the PostgreSQL package creates the security hole; it's something that the packaging system does itself, independent of whether or not you try to install PostgreSQL with it. So it seems to me that refusing to list it is making life difficult for people who have already made the decision to use brew, without any compensating advantage. That doesn't mean that I approve of brew's approach to this problem, though. Even if you think that it's unimportant to keep the desktop user from usurping root privileges, having some things installed in /usr/local as root and others as the desktop user (multiple different desktop users?) seems like a recipe for chaos. I've made those types of mistakes, but I got them out of my system in the nineties. I can't help but wonder if this isn't just the natural way a packaging system evolves - you start with something very simple (like what brew is now) and then gradually you realize that there are some annoyances, so you file those down by adding some more complexity, and eventually you end up with a system that's just as complex as the ones that you originally thought were too complex. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
