[Slackbuilds-users] Chromium in Slackbuilds
Jeremy Hansen
jebrhansen+SBo at gmail.com
Thu Dec 20 01:06:28 UTC 2018
On Wed, Dec 19, 2018, 5:57 PM James Diamond via SlackBuilds-users <
slackbuilds-users at slackbuilds.org> wrote:
> On Wed, Dec 19, 2018 at 17:40 (-0700), Jeremy Hansen wrote:
>
> > On Wed, Dec 19, 2018, 5:06 PM James Diamond via SlackBuilds-users <
> > slackbuilds-users at slackbuilds.org> wrote:
>
> >> On Wed, Dec 19, 2018 at 16:00 (-0700), Jeremy Hansen wrote:
>
> >>> On Wed, Dec 19, 2018, 1:55 PM JCA <1.41421 at gmail.com> wrote:
>
> >>>> Why not simply officially adopt the AlienBob version?
>
> >>> His SlackBuilds typically go against SBo requirements, namely
> downloading
> >>> things within the SlackBuild script. There's nothing wrong with doing
> >> that,
> >>> it's just not allowed by SBo.
>
> >> Just out of curiosity, why is that not allowed? I can see a certain
> >> virtue in consistency of action, but at the same time, there are
> >> things to be said for reducing tedious activities. (Thus, I suppose,
> >> the reason for tools that download the SBo information, figure out
> >> what needs to be downloaded, downloading it if it is not already
> >> downloaded, and then doing the build.)
>
> > Between downloading the SlackBuilds tarball from the site and
> > downloading the files in the .info, everything should be able to be
> > done offline. They do not want the scripts to be downloading things
> > while they run... everything that needs to be downloaded needs to
> > be listed in the .info.
>
> Sure, but that is more of a description of "what they say", as opposed
> to "why they say it". I'm really interested in the rationale,
> although as you say...
>
> > With a quick run through the site, I didn't see any official
> > documentation that spells this out specifically, but I have seen it
> > mentioned many times in this mailing list as something to be
> > corrected when it slips by (many times with python packages).
>
> Thanks for your thoughts.
>
Just a thought, but any file in the .info is required to have an MD5SUM.
This ensures the file has remained untouched from when the maintainer
tested it. If files are downloaded within the script, you can't verify that
those files are unmodified.
This could mean simply that the files have been updated and have not been
verified to work properly, but it can also mean that the files have been
tampered with and may pose a threat to the system.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20181219/c00e2aef/attachment.html>
More information about the SlackBuilds-users
mailing list