Re: [Texi2html] merge of texi2html in texinfo

[Patrice Dumas]

On Sun, Nov 22, 2009 at 11:27:14PM +0000, Karl Berry wrote:
>     Because one doesn't know if the perl is the same than the one
>     used for configuration, 
> 
> My hypothesis is that the code is written to work with most any
> non-ancient perl and does not depend on configure-time tests.

In fact, in general the features are tested at runtime, if I recall well,
but there is a big difference between pre 5.6.? where there was no
utf8 support.

>     and this could even open security issues. 
> 
> Shrug.  Executing any program at any time is a security issue.  If a Bad
> Guy has created an executable perl in the PATH, the system is hopelessly
> compromised anyway.

It really depends on the system. If the system is something executing
automatically texi2any, then having hard-coded paths could really avoid
or render harder some exploits (for example for texi2any invoked in a
cgi script or as part of a build system).

>     that it is better to have a repdroducable wrong path than a 'random' one.
> 
> Ok, if that's what you want.  I don't insist.

I don't feel very strongly either. In fact as a sysadmin, I dislike having 
env in shebangs, so I want to have it here so too. But maybe what I would
like as a sysadmin and the shipped defaults should be different.


There are 2 other arguments that are not as strong in my opinion, but 
worth considering. 1) unless I am wrong the debian guidelines impose not
using an env shebang, on fedora although this is not a MUST, it is preferred.
2) rpm uses the shebang to find out automatic dependencies on interpreter.

--
Pat