usage numbers for macports vs. homebrew?

[Clemens Lang]

Hi,

> I'm pretty sure they consider this a strength. "I already have Python!
> Why is MacPorts trying to install a new version!?"

Certainly, but it leads to situations such as https://github.com/Valloric/YouCompleteMe/issues/8. They might not have to deal with python because they're not managing it, but others then have to do it for them.

> >  - homebrew doesn't have privilege separation and sandboxing like MacPorts
> >  does (they make a case that sudo is bad, so they can't use any of those,
> >  making their setup arguable less secure than ours).
> 
> I'm always conflicted on this one. On the one hand, most users are
> probably the primary user on their machine, so installing to
> /usr/local without privledges is probably not the worst thing in the
> world. On the other, security is a chain of links and this is
> definitely one that has been weakened.

This isn't necessarily about writing to /usr/local without privileges, but about using an unprivileged user. In homebrew, a build system can put stuff in your $HOME, read your files, etc. In MacPorts (unless you configure a non-root installation), none of these are possible. Making /usr/local writable for a user is a bad choice on a multi-user system, though, because /usr/local/bin is in the default PATH of every user -- an exploit running as that user can create /usr/local/bin/sudo and the next time a (possibly different!) user runs sudo and types his password, that security problem has turned into a root exploit.

Homebrew could create a "brew" user and require all operations to be run as sudo -u brew brew ..., but there is your sudo again...

> It would not be the worst thing in the world to eliminate the need for
> root in MacPorts. I know there have been changes in the past related
> to this, and I'm not sure what the current state of things is. I think
> for the most part, you can install an un-privledged MacPorts to a
> non-default location.

You can do that, you can even install an un-privileged MacPorts to /opt/local, I'm just saying that's not necessarily a good idea, especially not if multiple users have /opt/local/bin in their PATH. There is a reason why other package management systems on Linux/BSD/etc. require root privileges, and I don't thing we should just ignore those reasons.

We could however still reduce the number of commands we run as root, e.g. by using something similar to fakeroot.

-- 
Clemens Lang