1 |
Hi Chris, |
2 |
|
3 |
On 10/31/06, Chris Gianelloni <wolf31o2@g.o> wrote: |
4 |
> On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: |
5 |
> > 3) ?? |
6 |
> |
7 |
> Get your hands on some of the minority arch hardware and help out? |
8 |
|
9 |
It's a good idea. It's not an option for me, but hopefully others |
10 |
will follow your advice. |
11 |
|
12 |
Personally, I like the idea of package maintainers updating old |
13 |
ebuilds with a prominent warning that the package is known to have |
14 |
security holes, and then leaving it to the user to decide whether or |
15 |
not to use the package. A suitable elog message (pointing the user at |
16 |
the security bugs in question, and warning them that the package is |
17 |
now unsupported as a result) in pkg_setup would do the trick. |
18 |
|
19 |
If there's any interest in this solution, it'd wouldn't take very long |
20 |
to add a suitable function to the eutils eclass, so that we can |
21 |
standardise the behaviour. |
22 |
|
23 |
Of course, it'd be even better if Portage itself could support this, |
24 |
so that the warning could occur without manual intervention. But in |
25 |
the meantime, adding a simple 'einsecure' function would be |
26 |
sufficient. |
27 |
|
28 |
Any interest? |
29 |
|
30 |
Best regards, |
31 |
Stu |
32 |
-- |
33 |
-- |
34 |
gentoo-dev@g.o mailing list |