1 |
On Tue, Oct 31, 2006 at 07:51:00PM +0000, Stuart Herbert wrote: |
2 |
> Hi Chris, |
3 |
> |
4 |
> On 10/31/06, Chris Gianelloni <wolf31o2@g.o> wrote: |
5 |
> >On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: |
6 |
> >> 3) ?? |
7 |
> > |
8 |
> >Get your hands on some of the minority arch hardware and help out? |
9 |
> |
10 |
> It's a good idea. It's not an option for me, but hopefully others |
11 |
> will follow your advice. |
12 |
> |
13 |
> Personally, I like the idea of package maintainers updating old |
14 |
> ebuilds with a prominent warning that the package is known to have |
15 |
> security holes, and then leaving it to the user to decide whether or |
16 |
> not to use the package. A suitable elog message (pointing the user at |
17 |
> the security bugs in question, and warning them that the package is |
18 |
> now unsupported as a result) in pkg_setup would do the trick. |
19 |
|
20 |
Rather see the keywords and masking status stripped down to just the |
21 |
arches that need that version. |
22 |
|
23 |
If folks need insecure ebuilds, cvs exists; trying to stick notices in |
24 |
is just an attempt to address a symptom, rather then the cause. |
25 |
|
26 |
That and notices are pretty damn easy to miss ;) |
27 |
~harring |