[Rpm-maint] Re: [lsb-discuss] [packaging] RFC: Berlin Packaging API

Sam Hart criswellious at gmail.com
Thu Feb 28 15:15:36 UTC 2008

On Thu, Feb 28, 2008 at 9:42 AM, Robert Schweikert
<robert.schweikert at mathworks.com> wrote:
>  Dan Kegel wrote:
>  > <robert.schweikert at mathworks.com> wrote:
>  >
>  >>  ISVs MUST have the option to let their customers
>  >>  install an application without root access.
>  >>
>  >>  Being able to tell the underlying system what is being installed and
>  >>  where it is being installed is a convenience for the user and/or the
>  >>  system administrator.
>  >>
>  >
>  > Apps that are installed without root access should not
>  > be announced to the package manager.
>  Why not?
>  Lets say I am a user and want to install application X on my system and
>  I do not have root access. I use the installer the app provides, the app
>  installs and all is well. At some point later I want to install
>  application Y, which happens to expect X to be present. As a user I
>  don't want to do the leg work of telling Y that X is really there and
>  where it is, I just expect the installer of Y to do the leg work for me
>  and figure this out.
>  As the provider of Y there is an obvious solution, ask the system if X
>  is installed and where it is. Then I can do the legwork for my user and
>  provide a reasonably pleasant install experience. Having the package
>  manager as that interface appears to make sense to me.

That would be very nice, but providing a non-privileged user a way to
insert data into a system-wide package management system could be a
potential security issue and it's something I doubt very seriously
that any distribution (or even any Unix) would allow such a thing.

Now, if there was a way to sandbox it, e.g., have something set aside
in the package management system that is *explicitly* set aside for
user-installed applications, that would work.

IIRC (and I may be completely wrong here, I haven't looked back to
check, it just sounds familiar) the original discussion on this
included some talk of this very thing in the Berlin API.

More information about the Rpm-maint mailing list