Request to review: print/texlive-install
Chris Rees
crees at FreeBSD.org
Mon May 28 17:32:24 UTC 2012
On 28 May 2012 18:11, Stephen Montgomery-Smith <stephen at missouri.edu> wrote:
> On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:
>>
>> On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
>>>>
>>>>
>>>>
>>>> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
>>>>>
>>>>>
>>>>> How about if I add lines like this:
>>>>>
>>>>> .if !defined(IGNORE_SECURITY_RISK)
>>>>> IGNORE= has a security risk because it downloads a file \
>>>>> without a checksum. Define IGNORE_SECURITY_RISK to build this port
>>>>> .endif
>>>>>
>>>>> Would it be considered OK to commit it then?
>>>>
>>>> could you host it somewhere that won't go away at missouri.edu?
>>>>
>>>
>>>
>>> I could host it somewhere at missouri.edu that will stay as long as I
>>> am alive or keep my job.
>>
>> Better to host it on the FreeBSD mirrors. You only have to create a
>> public_distfiles in your home directory after logging in to freefall and
>> drop the file there. This is the usual way of doing it.
>
>
> Thank you for the info. Here is my latest version:
>
> http://people.freebsd.org/~stephen/
>
I'm afraid my concerns still hold [1].
This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
stage, which isn't how ports are supposed to work.
I know 'having a port' is usually considered a good thing, but as I
said before, it's no easier or safer to install this via the port than
just download and run the script.
Also, on deinstall/upgrade the port will clobber anything that was
there on install (automatic plist generation also sucks in anything
that was there) [2].
Chris
[1] http://lists.freebsd.org/pipermail/freebsd-ports/2012-May/075236.html
[2]
'''
Install texlive-install.
Use texlive to grab funky new package.
Upgrade texlive-install /* XXX funky new package is now added to
texlive-instal plist */
Upgrade texlive-install again
Hey, where did $FUNKY go?
'''
More information about the freebsd-ports
mailing list