[CONSPIRE] Installing software from source on Linux?

Rick Moen rick at linuxmafia.com
Fri Oct 28 11:09:30 PDT 2005


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> I rather hoped you would provide such length, which is why I
> intentionally left out the following link from my post:
> 
> http://linuxmafia.com/pipermail/conspire/2005-January/000779.html
> 
> I felt that post from January would be more of an answer to Dan B.'s
> likely next set of questions than to the somewhat more general inquiry
> posed this time. It was my intention to point him there after you weighed
> in, and as I expected, your two posts go together like ice and cold in
> addressing this topic.

Damn, you're welcome to flatter me _any_ time, Daniel.  ;->

At the risk of exhibiting extreme egotism, I do agree that Dan should read
that January post (of mine) whose URL you've furnished.  To summarise,
it's a detailed rundown on why it's generally a really, really bad idea
to compile and install one's system's software directly from the
upstream maintainer's tarballs.  Basically, you take a frightful
security risk and forgo all of the advantages of relying on a distro
package maintainer, which are considerable and often overlooked.

In fairness, that is not quite the same as autobuilding software inside
(e.g.) the Gentoo Linux or FreeBSD "ports" frameworks:  In those cases, 
the framework fetches tarballs from canonical, crypto-authenticated
locations, checks maintainer crypto signatures, and then applies
local-customisation source patches before compiling and installing.
(I'm not 100% sure about the crypto parts, but believe and hope so.)

> However, sharing your experiences of the "bad old
> days" may have headed off those questions entirely. I sense another
> Knowledge Base entry in the works...

Good idea.  I'm thinking the Admin category, for this one
(http://linuxmafia.com/kb/Admin/).





