A Quicklisp Debian package

Paulo Sequeira psequeirag at gmail.com
Sun Jan 1 07:23:48 UTC 2012


On Sat, Dec 24, 2011 at 6:08 AM, Sebastian Tennant
<sebyte at smolny.plus.com> wrote:
...
>
> More importantly though, running as root introduces a huge security hole and
> means that we are relying completely on Zach Beane to vet all the code he
> accepts into the Quicklisp distribution.
>
> I've looked at instructing Quicklisp to simply download libraries, rather than
> downloading them and compiling them (see 'install' versus
> 'install-and-compile') but a number of important Quicklisp librarieshave to be
> compiled at installation time for their dependencies to be correctly handled,
> so compilation is a requirement and I don't think this should be done by a lisp
> image running as root!
>
> Unless you can convince me otherwise, for this reason alone, I will soon be
> reintroducing the system user.

Fair enough. You make a good point and I agree with you that a
dedicated user account is called for.

...
> Alternatively, you could try using the standard github collaboration model[2].
> This is probably best if you're going to get more involved (which I hope you
> do).

I must confess I'm more familiar with traditional VCS, but let me
review the instructions and prepare my forked repositories.

>
> While we're on the subject of workflow, I propose that we move discussion on
> swiqlisp development to github[3] as none of this is Debian specific - swiQlisp
> is the upstream project and at some point one of us should take the lead in
> developing a Debian swiqlisp package.

Agreed, let's continue the discussion there.

-- 
Paulo



More information about the pkg-common-lisp-devel mailing list