lilypond-user

RE: lyp - a Package Manager for Lilypond


From: Sharon Rosner
Subject: RE: lyp - a Package Manager for Lilypond
Date: Fri, 29 Jan 2016 05:44:28 -0700 (MST)

> > *have* to contribute - you can also simply make your packages available.
>
>...as hosted Git repositories.  I thought that was a dealbreaker, but I
> tried to give it a fair chance.

Please explain why packages as hosted git repositories is a bad idea. What
would be a better solution in your opinion?

> I read the readme as far as the line about piping the output of curl into
> bash.  I stopped there.

If you actually *had* read up to that point in the readme, you would have
noticed that:

1. Nobody's forcing you to install lyp that way. You can also install it as
a Ruby gem, and that's the first option given. The sole reason this install
script exists is to allow people who don't have Ruby installed on their
machine to use lyp.
2. The paragraph explaining how to install lyp as a standalone package
actually links to the install script source, which you can review before
running the install command, should you have doubts about what it does.
3. You can also download the install script, inspect it (it's not obfuscated
and it does nothing fancy), and then run it.
4. You can also manually download the release file, untar it, inspect its
content (it's basically lyp source files + ruby binaries), then run 'lyp
install self'.

Just to save you some clicks - here's the link to the source of the install
script:

https://raw.githubusercontent.com/noteflakes/lyp/master/bin/install_release.sh

And here's a list of pretty respectable software that's installed using
curl|bash:

- Homebrew (Mac OSX Package manager) - pipes to ruby
- rvm (Ruby version manager)
- nvm (Node.js version manager)
- oh-my-zsh (zsh configuration framework)
- Python setuptools (Python package management) - pipes to python
- gitlab community edition (git hosting) - pipes to sudo bash!
- kubernetes (container orchestration platform from Google)
- Google Cloud SDK

In fact there's a pretty popular tumblog dedicated to curl|bash bashing ;-)

http://curlpipesh.tumblr.com/

I understand that there are risks involved in this technique. But if you're
concerned about a 50-line bash script from the intertubes, you should be
just as concerned about the 2000 lines of Ruby code inside lyp, or for that
matter any piece of code installed on your machine.

Sharon Rosner



--
View this message in context: 
http://lilypond.1069038.n5.nabble.com/lyp-a-Package-Manager-for-Lilypond-tp186597p186617.html
Sent from the User mailing list archive at Nabble.com.
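
Added example, not part of the original message and not code from the lyp project: a shell sketch of option 3 above (download the install script, inspect it, then run it) that saves the script to a file and only executes it if it still matches the SHA-256 recorded at review time. The function names and the checksum pinning are assumptions that go beyond what the message describes; the URL is the one given in the message.

```shell
#!/bin/sh
# Added example (not lyp's own code). Function names are hypothetical.
#
# Workflow:
#   fetch_installer https://raw.githubusercontent.com/noteflakes/lyp/master/bin/install_release.sh install_release.sh
#   less install_release.sh                      # read what it does
#   sha256_of install_release.sh                 # record this value after review
#   run_reviewed install_release.sh <recorded-sha256>

# sha256_of FILE: print the hex SHA-256 of FILE with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# fetch_installer URL OUT: save the script to a file instead of piping it to a
# shell. -f makes curl fail on HTTP errors so an error page is never saved as
# the script; --proto '=https' refuses any downgrade to plain HTTP.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# run_reviewed FILE PINNED_SHA256 [ARGS...]: run FILE with bash only when it
# is byte-identical to the copy that was reviewed; otherwise refuse.
run_reviewed() {
    file=$1
    pinned=$2
    shift 2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$pinned" ]; then
        echo "refusing to run $file: sha256 $actual != reviewed $pinned" >&2
        return 1
    fi
    bash "$file" "$@"
}
```

Because the file on disk is the thing that was read and hashed, the bytes that execute are the bytes that were reviewed, which a direct pipe from curl into a shell cannot guarantee.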


