On Aug 13, 2004, at 3:26, Alexander Kellett wrote: > anyone with a brain could get malicious code into > any package available on the planet, be it debian > or whatever. the fact that ruby is so dynamic only > makes this problem worse. only thing that is > really going to stop this is a correctly sandboxed > installer which uses a non-root user to compile > and run the unit tests. Or do what I do, and install everything non-root... There's nothing that says everything has to go into /usr/local: I use a non-root tree (/dt/...) and install everything there. Just make sure path and LD_LIBRARY_PATH are set in your profile, and a whole lot of install worried evaporate. Cheers Dave