[Pkg-puppet-devel] [SCM] Packaging of Facter for debian branch, master, updated. debian/1.5.6-1-3-gf695058

Micah Anderson micah at riseup.net
Tue Jul 7 15:37:49 UTC 2009


* Nigel Kersten <nigel at explanatorygap.net> [2009-07-07 10:20-0400]:

> >> I also have a few issues with using #!/usr/bin/env in general, be it Ruby or
> >> Python. We really want to avoid situations where the user having root on
> >> their desktop manages to break Puppet before it has a chance to rectify
> >> things.
> >
> > I don't really follow this logic because a user having root can break
> > all kinds of stuff that you can't possibly protect against in the
> > package, and just arbitrarily protecting against this one thing seems
> > odd.
> 
> For me it's not so much protecting against things as it is taking
> advantage of a package management system.
> 
> If you install facter or puppet, you're going to also pull in all the
> dependencies. Ruby, relevant gems, etc etc.

You do not pull in relevant gems via the package system. Perhaps you
mean to say relevant ruby libraries?

> If you use an env shebang, you're no longer sure whether the ruby
> runtime you're invoking actually provides all the required
> dependencies.

Depends on who you are talking about, and I believe its trivial to test
which ruby runtime you are actually invoking if it is an issue...

> "If a maintainer would like to provide the user with the possibility
> to override the Debian Python interpreter, he may want to use
> /usr/bin/env python or /usr/bin/env pythonX.Y. However this is not
> advisable as it bypasses Debian's dependency checking and makes the
> package vulnerable to incomplete local installations of python. "

I think the inadvisable thing they are referring to here is *not* the
use of '/usr/bin/env python', but rather the use of '/usr/bin/env
pythonX.Y'. I believe this is worded somewhat ambiguously so it could be
taken that way, but I think that only the latter bypasses Debian's
dependency checking, not the former. Unless I am wrong?

> I don't think it's advisable, and if it comes down to a vote amongst
> us, my vote is in favor of an explicit, non-env shebang.

Like I said before, if ya'll want that, I'm not going to stop you from
doing it. I am not particularly convinced of the merit of the arguments,
but don't find that the counter-arguments are worth the resistance. 

micah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20090707/c2777195/attachment.pgp>


More information about the Pkg-puppet-devel mailing list