On Aug 13, 2004, at 3:26, Alexander Kellett wrote:
> anyone with a brain could get malicious code into
> any package available on the planet, be it debian
> or whatever. the fact that ruby is so dynamic only
> makes this problem worse. only thing that is
> really going to stop this is a correctly sandboxed
> installer which uses a non-root user to compile
> and run the unit tests.

Or do what I do, and install everything non-root... There's nothing 
that says everything has to go into /usr/local: I use a non-root tree 
(/dt/...) and install everything there. Just make sure path and 
LD_LIBRARY_PATH are set in your profile, and a whole lot of install 
worried evaporate.

Cheers

Dave