[Pythonmac-SIG] Re: 2.1.1 under 10.1 [was Python package maker for OS X Installer.app]

[Jack Jansen]

Recently, Robert Abernathy <rellaa@earthlink.net> said:
> Is there a reason I wouldn't want to install the python files as owned 
> by root?

Yes, a very good reason. The Unix adagium is (and has always been) to
do as little as humanly possible as root. Taking the /usr/local/python
as an example, if you do a single
   sudo mkdir -m 775 /usr/local
then from that time on you can install anything into /usr/local using
your own account (administrators are allowed to write to directories
owned by group "wheel", the same group as root is in, but with no
inherent extra security risks).

The alternative is that you do a "sudo make install" for every package
you will ever want to install in /usr/local. This means that for every
package you install you have to trust the authors of the (often very
complex) makefiles to not have put a trojan horse in there. Or (why
blame on malevolence what you can blame on stupidity:-) not to have
made stupid errors. And stupid errors happen: Apple's own iTunes 2.0
installer wiped your disk if you happened to install it on a
non-system-disk with a space in the name just last weekend!
--
Jack Jansen             | ++++ stop the execution of Mumia Abu-Jamal ++++
Jack.Jansen@oratrix.com | ++++ if you agree copy these lines to your sig ++++
www.cwi.nl/~jack        | see http://www.xs4all.nl/~tank/spg-l/sigaction.htm