On Mon, 28 Aug 2000, Nitebirdz wrote:
>Date: Mon, 28 Aug 2000 13:51:17 -0500 (CDT)
>From: Nitebirdz <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>Subject: Re: rawhide: kudzu-0.68-1 fails to compile
>
>On Sun, 27 Aug 2000, John Summerfield wrote:
>
>>
>> I've chowned it to me and do not build as root (regulars will have noticed I'm
>> reluctant to build anything as root; recent news wrt pinstrip is Good).
>>
>
>Excuse me for the stupid question, but why wouldn't you build a package as
>root? Security reasons? Even if you trust the sources? Just trying to
>learn something from you, guys. :-)
Because I have done so for several years with no problems until
last week when I had a "rpm --rebuild" delete several
subdirectories on my filesystem during "%clean" stage. RPM
should IMHO do anything it does in a chroot()'d jail. Making a
user called "rpm" and setting up rpm to build packages as that
user, is much safer, ESPECIALLY when constructing and debugging
your own packages.
So, yes. Security, and safety. _Even_ if you trust the
sources. It is easy to make a mistake in a spec file and kiss
everything goodbye.
TTYL
--
Mike A. Harris Linux advocate
Computer Consultant GNU advocate
Capslock Consulting Open Source advocate
If you're looking for Linux books, guides, and other documentation, visit
the Linux Documentation Project homepage: http://linuxdoc.org
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
