On Thu, Feb 16, 2023 at 05:12:33PM -0700, Simon Glass wrote:
Hi Tom,
On Tue, 14 Feb 2023 at 13:27, Tom Rini trini@konsulko.com wrote:
On Tue, Feb 14, 2023 at 03:12:46PM -0500, Mike Frysinger wrote:
On Tue, Feb 14, 2023 at 3:08 PM Tom Rini trini@konsulko.com wrote:
Downloading things from the internet and putting them in to the default PATH always and forever is also kinda not great?
you just described a standard distribution. this is like literally how all of them work. not to mention every other language-specific distro tool out there (e.g. Python pip, Perl cpan, Go, etc...).
maybe you'd like more guarantees on top (e.g. signature verification) which is reasonable.
but to be clear, this script is already merged & in the tree, so your feedback doesn't block this patch.
Yes, exactly. This is a fix on top of what we do today, so it should go in. But modern distributions only install signed packages, and language-specific tools tend to be a hive of bad examples. Looking over binman right now, I see that we're either using apt (and oh, there's "aot" typo in one spot) or downloading from a known Google drive, for only a few less common tools.
So yes, I would like to see some ideas on how to improve things in the future so we aren't putting the binaries somewhere that's not a default (or frequently common) PATH location.
Are you thinking they should go in ~/.binman-tools or something like that? Then we would need to tell people to add it to their path. But we could make binman look there automatically.
We should document that it's where we're putting stuff, not so much "tell" them, unless you mean as a note when downloading. But yes, ~/.binman-tools sounds reasonable. Maybe a flag to point elsewhere?