The Heroku Toolbelt (heroku.com)
95 points by parsley on Feb 9, 2012 | 9 comments



The Linux version of this is horribly wrong in so many ways. For one, you're downloading a shell script and running it with root privileges. A shell script that loads someone else's key into your system's database of trusted package signing keys, and then installs a package that can do just about anything to your system, including `rm -rf /*`.

And beyond the immediate security issues, this tramples both on the system git packages (because I doubt that Heroku uses so many advanced git features that they need the latest version) and on however you or your distro use RubyGems. Really, it would be far better to link to a page that tells you:

    sudo apt-get install git-core rubygems
    sudo gem install heroku foreman


Thanks for the feedback!

We made the script a link so you could check out what's going on before running it.

The heroku-toolbelt .deb actually depends on system git-core and ruby1.9.1 so we shouldn't be trampling anything.


Which is better than most people who just say "curl http://shortened.url/ | sudo sh", but inspecting the script doesn't really reveal much about what actually happens during the install. It basically just says, "We're adding this repo to your system, you'll just have to install heroku-toolbelt and see what happens!"
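An added example, not part of the thread and not Heroku's script: a static audit for the actions the first comment lists (adding a trusted signing key, adding a repo, installing a package), plus a listing of the root-run maintainer scripts that, as the comment above notes, reading the installer alone does not show. The sample installer, host name, package name and tag names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an installer before running it as root.
# All file contents and names below are constructed for illustration.

# Constructed sample installer (not Heroku's script; host is a placeholder).
sample_installer() {
    cat <<'EOF'
#!/bin/sh
echo "deb http://repo.example.invalid/apt ./" > /etc/apt/sources.list.d/example.list
wget -q -O- http://repo.example.invalid/apt/release.key | apt-key add -
apt-get update
apt-get install -y example-toolbelt
EOF
}

# Print one tag per class of privileged action found in the script at $1.
audit_installer() {
    # New archive key: apt then accepts repository metadata signed with it.
    grep -Eq 'apt-key[[:space:]]+(add|adv)|/etc/apt/trusted\.gpg' "$1" \
        && echo ADDS_TRUSTED_KEY
    # New package source: later upgrades can pull from it as well.
    grep -Eq '/etc/apt/sources\.list|add-apt-repository' "$1" \
        && echo ADDS_APT_SOURCE
    # Package install: the package's maintainer scripts run as root.
    grep -Eq 'apt-get[[:space:]].*install|dpkg[[:space:]]+(-i|--install)' "$1" \
        && echo INSTALLS_PACKAGE
    # Second-stage download piped into a shell, invisible to this audit.
    grep -Eq '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh([[:space:]]|$)' "$1" \
        && echo FETCHES_AND_RUNS_MORE
    return 0
}

# List the root-run maintainer scripts in an extracted control directory,
# e.g. one produced by: dpkg-deb -e package.deb ctl/
maintainer_scripts() {
    for name in preinst postinst prerm postrm; do
        [ -f "$1/$name" ] && echo "$name"
    done
    return 0
}

# Demo: audit the constructed installer.
demo=$(mktemp) && sample_installer > "$demo" && audit_installer "$demo"
rm -f "$demo"
```

The grep patterns only flag literal command names, so an obfuscated installer still needs to be read by hand.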


FYI when I installed heroku-toolbelt into "Ubuntu 10.04.3 LTS", the declared prerequisites were not enough to get things working.

IIRC (and am interpreting my shell history right), I also needed to install 'libopenssl-ruby' and 'ruby-full' by name.


How is this different than the gem? Is it just a package of the gem?


It's primarily intended for folks who don't come from a Ruby background and prefer their OS-native installation methods to rubygems. If you're happy using the gem, carry on.


I personally use RVM and gems, but like this approach for other people that haven't gone that way.

But instead of a shell script, can we get heroku-toolbelt into Ubuntu Software Center? Linux devs are pretty particular with what they run at the shell...know your audience and all.


Debian packaging has the widest reach by far, and rolling our own repo is something we have control over, so it makes the most sense as a first step. We may consider a PPA or possibly even submitting it for inclusion into something like Ubuntu universe at some point in the future.


This should probably be called the Heroku OS X Client, rather than giving it a new name (i.e. "Toolbelt") and implying that it is something new.



