<div dir="ltr"><span style="font-size:12.8000001907349px">"You can systematically avoid it by letting the operating system's</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">security do its thing: Don't use superuser privileges to build software,</span><br style="font-size:12.8000001907349px"><span style="font-size:12.8000001907349px">and don't use them to install unless you know what it's going to do."</span><br><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Wow, you know, wow. Now you have me wondering if I've gotten too comfortable using sudo.</span></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><span style="color:rgb(136,136,136);font-size:12.8000001907349px">Christopher David Ramos</span><br style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.paxperscientiam.com/" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank">www.paxperscientiam.com</a><br style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.lnkdin.me/chris" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank">www.lnkdin.me/chris</a><br></div></div></div>
<br><div class="gmail_quote">On Wed, Jun 24, 2015 at 12:38 AM, Lawrence Velázquez <span dir="ltr">&lt;<a href="mailto:larryv@macports.org" target="_blank">larryv@macports.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Jun 23, 2015, at 11:03 PM, Christopher D. Ramos<br>
<span class="">&lt;<a href="mailto:chrisdavidramos@gmail.com">chrisdavidramos@gmail.com</a>&gt; wrote:<br>
<br>
> That said, I don't think it's merely incidental.<br>
<br>
</span>I assure you that it is.<br>
<span class=""><br>
> After all, git is, in a sense, part of the MacPorts ecosystem by<br>
> virtue of a version of it being hosted by MacPorts. Is there not<br>
> a policy about hosting ports -- whether version control or other types<br>
> of software distribution mechanisms -- that may distribute projects<br>
> that ultimately harm a Macports installation?<br>
<br>
</span>It would be one thing if Git were more akin to dpkg/apt or rpm/yum,<br>
which are proper systems for distributing software. Git is closer to<br>
rsync in this regard — basically a fancy downloader. It does far less<br>
than you seem to think it does. The important code here is the build<br>
system (the input to Autotools, Make, CMake, Ninja, SCons, whatever).<br>
<span class=""><br>
> My reason for bringing up "/opt/local" was because I was wondering if<br>
> there was a chance that the makefile of some git project (or any other<br>
> project management system!) might instruct it (implicitly or<br>
> explicitly) to install under /opt/local.<br>
<br>
</span>There is a chance, yes. A makefile author can write anything, and a Make<br>
process can do anything that the invoking user can do. You can try<br>
searching for "/opt/local" in the relevant configure script or makefile<br>
if you're curious.<br>
<span class=""><br>
> And if so, how could this be systematically avoided.<br>
<br>
</span>You can systematically avoid it by letting the operating system's<br>
security do its thing: Don't use superuser privileges to build software,<br>
and don't use them to install unless you know what it's going to do.<br>
<br>
vq</blockquote></div><br></div>
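The check suggested in the reply above (search the build files for "/opt/local", and do not build or install as the superuser), as an added example that is not part of the original thread. The function names, the list of build-file names, and the sample Makefiles are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a source tree before building or installing it.
# Function names are hypothetical; they come from no project in the thread.

# Print file:line:text for each mention of the prefix in common build files.
# The file-name list is a convention-based assumption and is not exhaustive.
scan_prefix() {
    find "$1" -type f \( -name Makefile -o -name makefile -o -name GNUmakefile \
        -o -name 'Makefile.*' -o -name '*.mk' -o -name configure \
        -o -name configure.ac -o -name CMakeLists.txt -o -name '*.cmake' \
        -o -name meson.build -o -name SConstruct \) \
        -exec grep -nHF -- "${2:-/opt/local}" {} + || true  # grep exits 1 on no match
}

# Return 0 only if the caller is not uid 0, the prefix is not writable by the
# caller, and no build file mentions the prefix. A third argument overrides
# the uid so the check can be exercised without being root.
audit_tree() {
    tree=$1; prefix=${2:-/opt/local}; uid=${3:-$(id -u)}; status=0
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: uid 0, so the build can write anywhere" >&2; status=1
    fi
    if [ -w "$prefix" ]; then
        echo "WARN: $prefix is writable by this user" >&2; status=1
    fi
    hits=$(scan_prefix "$tree" "$prefix")
    if [ -n "$hits" ]; then
        echo "REVIEW: build files mention $prefix:" >&2
        printf '%s\n' "$hits"; status=1
    fi
    return "$status"
}

# Constructed sample input: "bad" hardcodes the prefix in its install rule,
# "good" installs under a user-chosen PREFIX. Prints the parent directory.
make_sample_trees() {
    d=$(mktemp -d)
    mkdir -p "$d/bad" "$d/good"
    printf 'install:\n\tcp tool /opt/local/bin/tool\n' > "$d/bad/Makefile"
    printf 'PREFIX ?= $(HOME)/.local\ninstall:\n\tcp tool $(DESTDIR)$(PREFIX)/bin/tool\n' > "$d/good/Makefile"
    echo "$d"
}

# Usage: sh audit.sh /path/to/source [prefix]
if [ "$#" -ge 1 ]; then audit_tree "$@"; fi
```

A clean result only means the literal prefix string does not appear in the files scanned; a build system can still compute the path at run time, which is why the unprivileged-user check matters more than the text search.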