1 |
On Fri, 10 Oct 2008 09:32:44 +0300 |
2 |
Mart Raudsepp <leio@g.o> wrote: |
3 |
> > Of those, and those in overlays, and those that are going to be |
4 |
> > committed over the next few weeks, how many use src_prepare to apply |
5 |
> > security related patches? |
6 |
> |
7 |
> A round zero. Security patches are going stable soon after entering |
8 |
> portage tree, and EAPI=2 ebuilds can not go stable yet, as there is no |
9 |
> package manager supporting EAPI=2 that is going to be stable in the |
10 |
> next week or two (so maintainers make sure they don't use EAPI=2 for |
11 |
> security fix revisions). |
12 |
|
13 |
Oh really? So you're absolutely certain there aren't and won't soon be |
14 |
any EAPI 2 bumps of non-EAPI 2 versions that include security patches? |
15 |
And you're absolutely certain that there aren't, say, any packages that |
16 |
sed a broken chmod in a makefile in src_prepare? |
17 |
|
18 |
> I can not understand why this is dragged on. It was a bug, it is |
19 |
> fixed. The sky is not falling and EAPI-2 is not broken - there was a |
20 |
> bug in the implementation that is fixed. |
21 |
|
22 |
The point of EAPI is to avoid these kinds of problems. The process is |
23 |
failing and the fallout needs to be handled. |
24 |
|
25 |
-- |
26 |
Ciaran McCreesh |