Request to review: print/texlive-install
Hiroki Sato
hrs at FreeBSD.org
Tue May 29 12:20:00 UTC 2012
Chris Rees <crees at freebsd.org> wrote
in <CADLo8380zGtCETzGrKzMrD_3Fwm2bZOMpEFLupaD_=mPU5k4Jg at mail.gmail.com>:
cr> On 28 May 2012 18:11, Stephen Montgomery-Smith <stephen at missouri.edu> wrote:
cr> > On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:
cr> >>
cr> >> On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
cr> >>>>
cr> >>>>
cr> >>>>
cr> >>>> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
cr> >>>>>
cr> >>>>>
cr> >>>>> How about if I add lines like this:
cr> >>>>>
cr> >>>>> .if !defined(IGNORE_SECURITY_RISK)
cr> >>>>> IGNORE= has a security risk because it downloads a file \
cr> >>>>> without a checksum. Define IGNORE_SECURITY_RISK to build this port
cr> >>>>> .endif
cr> >>>>>
cr> >>>>> Would it be considered OK to commit it then?
cr> >>>>
cr> >>>> could you host it somewhere that won't go away at missouri.edu?
cr> >>>>
cr> >>>
cr> >>>
cr> >>> I could host it somewhere at missouri.edu that will stay as long as I
cr> >>> am alive or keep my job.
cr> >>
cr> >> Better to host it on the FreeBSD mirrors. You only have to create a
cr> >> public_distfiles in your home directory after logging in to freefall and
cr> >> drop the file there. This is the usual way of doing it.
cr> >
cr> >
cr> > Thank you for the info. Here is my latest version:
cr> >
cr> > http://people.freebsd.org/~stephen/
cr> >
cr>
cr> I'm afraid my concerns still hold [1].
cr>
cr> This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
cr> stage, which isn't how ports are supposed to work.
cr>
cr> I know 'having a port' is usually considered a good thing, but as I
cr> said before, it's no easier or safer to install this via the port than
cr> just download and run the script.
cr>
cr> Also, on deinstall/upgrade the port will clobber anything that was
cr> there on install (automatic plist generation also sucks in anything
cr> that was there) [2].
I also think this port is too tricky. Although I do understand one
big package for texlive is easy to install and it will be one which
can satisfy many people, it should get along with the ports
framework---I do not think defining IGNORE_SECURITY_RISK is what we
want to do.
I spent a lot of time for teTeX-to-texlive migration in the ports
tree but I could not accomplish it actually so far since I could find
only a suboptimal solution. Importing a texlive port should replace
the current teTeX ports at one burst because there are many ports
which depend on TeX. I may not be qualified to say "no" here because
I have not been able to create an alternative for a long time, but
adding a texlive port with no specific migration plan would make the
ports tree confused.
I have created and used a prototype which consists of modularized
texlive ports (~200 ports) generated from macro package list in
texlive source and metadata from texlive.tlpdb to replace
print/teTeX* in the tree completely. It is because strong demands
for modularity and/or smaller configurations from TeX users who are
using it in non-X11 environment, for example, still remain. It has
worked, but one big problem is that it is not compatible with tlmgr.
If people use a tlmgr-like tool to download and install a macro
package instead of the ports, the texmf tree will be broken easily.
In addition, inconsistency between package database and actually
installed files breaks our ports framework in various ways. Trouble
reports on print/teTeX* ports I received were mostly due to broken
texmf trees, so I am feeling this should be mitigated in some way.
I can post the port set with disabling some of tlmgr's capability
(package install/removal part). Is it still an interesting one for
people?
-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20120529/6b0aafb1/attachment.pgp
More information about the freebsd-ports
mailing list