[Rpm-maint] Re: [lsb-discuss] [packaging] RFC: Berlin Packaging API
Sam Hart
criswellious at gmail.com
Thu Feb 28 15:15:36 UTC 2008
On Thu, Feb 28, 2008 at 9:42 AM, Robert Schweikert
<robert.schweikert at mathworks.com> wrote:
> Dan Kegel wrote:
> > <robert.schweikert at mathworks.com> wrote:
> >
> >> ISVs MUST have the option to let their customers
> >> install an application without root access.
> >>
> >> Being able to tell the underlying system what is being installed and
> >> where it is being installed is a convenience for the user and/or the
> >> system administrator.
> >>
> >
> > Apps that are installed without root access should not
> > be announced to the package manager.
> Why not?
>
> Lets say I am a user and want to install application X on my system and
> I do not have root access. I use the installer the app provides, the app
> installs and all is well. At some point later I want to install
> application Y, which happens to expect X to be present. As a user I
> don't want to do the leg work of telling Y that X is really there and
> where it is, I just expect the installer of Y to do the leg work for me
> and figure this out.
>
> As the provider of Y there is an obvious solution, ask the system if X
> is installed and where it is. Then I can do the legwork for my user and
> provide a reasonably pleasant install experience. Having the package
> manager as that interface appears to make sense to me.
That would be very nice, but providing a non-privileged user a way to
insert data into a system-wide package management system could be a
potential security issue and it's something I doubt very seriously
that any distribution (or even any Unix) would allow such a thing.
Now, if there was a way to sandbox it, e.g., have something set aside
in the package management system that is *explicitly* set aside for
user-installed applications, that would work.
IIRC (and I may be completely wrong here, I haven't looked back to
check, it just sounds familiar) the original discussion on this
included some talk of this very thing in the Berlin API.
More information about the Rpm-maint
mailing list