[CONSPIRE] Installing software from source on Linux?
rick at linuxmafia.com
Fri Oct 28 11:09:30 PDT 2005
Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):
> I rather hoped you would provide such length, which is why I
> intentionally left out the following link from my post:
> I felt that post from January would be more of an answer to Dan B.'s
> likely next set of questions than to the somewhat more general inquiry
> posed this time. It was my intention to point him there after you weighed
> in, and as I expected, your two posts go together like ice and cold in
> addressing this topic.
Damn, you're welcome to flatter me _any_ time, Daniel. ;->
At the risk of exhibiting extreme egotism, I do agree that Dan should read
that January post (of mine) whose URL you've furnished. To summarise,
it's a detailed rundown on why its generally a really, really bad idea
to compile and install one's system's software directly from the
upstream maintainer's tarballs. Basically, you take a frightful
security risk and forego all of the advantages of relying on a distro
package maintainer, which are considerable and often overlooked.
In fairness, that is not quite the same as autobuilding software inside
(e.g.) the Gentoo Linux or FreeBSD "ports" frameworks: In those cases,
the framework fetches tarballs from canonical, crypto-authenticated
locations, checks maintainer crypto signatures, and then applies
local-customisation source patches before compiling and installing.
(I'm not 100% sure about the crypto parts, but believe and hope so.)
> However, sharing your experiences of the "bad old
> days" may have headed off those questions entirely. I sense another
> Knowledge Base entry in the works...
Good idea. I'm thinking the Admin category, for this one
More information about the conspire