public inbox for [email protected]  
From: Dave Page <[email protected]>
To: Victoria Henry <[email protected]>
Cc: Joao De Almeida Pereira <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: [pgadmin][patch] Electron version 4.X
Date: Mon, 18 Jun 2018 02:35:16 +0100
Message-ID: <CA+OCxoxFmrD7NEN0zWa3eVNHn4N7Fydk4=j-96Hs9QKi3VknSQ@mail.gmail.com> (raw)
In-Reply-To: <CANxYE3Km4jNv50Q7RrAtx9ig8fDug=G1-jp7BS-XXuwJ5aCZBQ@mail.gmail.com>
References: <CAE+jjanDYhJaFHvxpv-N1mKuCsYMnwZUiOYH88-Bj+hxFesU+A@mail.gmail.com>
	<CA+OCxoxEZi58oDRoccESWf2iJVft3=OKanqa4+n_vjkMafROPg@mail.gmail.com>
	<CANxYE3Km4jNv50Q7RrAtx9ig8fDug=G1-jp7BS-XXuwJ5aCZBQ@mail.gmail.com>

Hi

On Fri, Jun 8, 2018 at 3:49 PM, Victoria Henry <[email protected]> wrote:


>> - I think the build instructions need to be more generic (particularly on
>> macOS). For example, I do not use HomeBrew (largely due to some nasty
>> security issues they had in the past). I was able to mostly port the
>> instructions and build script over to work using MacPorts (without PyEnv)
>> which actually turned out to be somewhat more simple than what's there now.
>>
> Since we don't use MacPorts, we cannot provide installation instructions.
>

FYI, I just tried Homebrew again to see if it has improved. It has not:

dpage@snake:~/git$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)";

==> This script will install:
/usr/local/bin/brew
/usr/local/share/doc/homebrew
/usr/local/share/man/man1/brew.1
/usr/local/share/zsh/site-functions/_brew
/usr/local/etc/bash_completion.d/brew
/usr/local/Homebrew

==> The following existing directories will be made group writable:
/usr/local/bin
/usr/local/include
/usr/local/lib
/usr/local/share
/usr/local/share/man

==> The following existing directories will have their owner set to dpage:
/usr/local/bin
/usr/local/include
/usr/local/lib
/usr/local/share
/usr/local/share/man

==> The following existing directories will have their group set to admin:
/usr/local/bin
/usr/local/include
/usr/local/lib
/usr/local/share
/usr/local/share/man

==> The following new directories will be created:
/usr/local/Cellar
/usr/local/Homebrew
/usr/local/Frameworks
/usr/local/etc
/usr/local/opt
/usr/local/sbin
/usr/local/share/zsh
/usr/local/share/zsh/site-functions
/usr/local/var

As anyone familiar with Unix system architecture could tell you, this is a
horribly bad idea for a number of reasons:

1) It will break on any system used by more than one person - only the
original installer (and possibly members of the admin group) will be able
to properly use brew.

2) It's changing the default (and correct) permissions on /usr/local/ to
something they are not supposed to be.

3) It's making a directory that is in the path writeable by users other than
root. This is a very bad idea as it means that any malicious software run
by the user could place executable files there without the user's knowledge.

/usr/local/ is supposed to be a secure directory for very good reasons. We
cannot start recommending our devs do something that compromises the
security of their system to build pgAdmin, thus we need to figure out how
to do this using MacPorts or some other similar technology that doesn't
suffer from this problem.

I'm leaning towards the idea that having any build instructions that
suggest using brew should be removed from pgAdmin entirely, to avoid
putting users at risk.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
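
The check below is an added example, not part of the original message and not pgAdmin or Homebrew code. It audits every directory on PATH for the conditions the message describes (an owner other than root, or group or world write permission); the names classify and audit_path are hypothetical.

```python
import os
import stat
import sys


def classify(st_mode, st_uid):
    """Reasons a directory with this mode and owner is unsafe as a PATH entry."""
    issues = []
    if st_uid != 0:
        issues.append("owner is not root")
    if st_mode & stat.S_IWGRP:
        issues.append("group-writable")
    if st_mode & stat.S_IWOTH:
        issues.append("world-writable")
    return issues


def audit_path(path_value):
    """Map each risky PATH entry to its list of issues, in search order."""
    findings = {}
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):
            # Empty or relative entries resolve against the current directory.
            findings[entry or "<empty>"] = ["relative entry, resolved against cwd"]
            continue
        try:
            # os.stat follows symlinks, so a link is judged by its target.
            st = os.stat(entry)
        except OSError:
            continue  # missing or unreadable entry: nothing to classify
        if not stat.S_ISDIR(st.st_mode):
            continue
        issues = classify(st.st_mode, st.st_uid)
        if issues:
            findings[entry] = issues
    return findings


if __name__ == "__main__":
    # Audit the PATH of the current shell; exit non-zero if anything is flagged.
    results = audit_path(os.environ.get("PATH", ""))
    for entry, issues in results.items():
        print(f"{entry}: {', '.join(issues)}")
    sys.exit(1 if results else 0)
```

Only the PATH entries themselves are examined; parent directories are not walked.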

