| 1 |
On Fri, 10 Oct 2008 09:32:44 +0300 |
| 2 |
Mart Raudsepp <leio@g.o> wrote: |
| 3 |
> > Of those, and those in overlays, and those that are going to be |
| 4 |
> > committed over the next few weeks, how many use src_prepare to apply |
| 5 |
> > security related patches? |
| 6 |
> |
| 7 |
> A round zero. Security patches are going stable soon after entering |
| 8 |
> portage tree, and EAPI=2 ebuilds can not go stable yet, as there is no |
| 9 |
> package manager supporting EAPI=2 that is going to be stable in the |
| 10 |
> next week or two (so maintainers make sure they don't use EAPI=2 for |
| 11 |
> security fix revisions). |
| 12 |
|
| 13 |
Oh really? So you're absolutely certain there aren't and won't soon be |
| 14 |
any EAPI 2 bumps of non-EAPI 2 versions that include security patches? |
| 15 |
And you're absolutely certain that there aren't, say, any packages that |
| 16 |
sed a broken chmod in a makefile in src_prepare? |
| 17 |
|
| 18 |
> I can not understand why this is dragged on. It was a bug, it is |
| 19 |
> fixed. The sky is not falling and EAPI-2 is not broken - there was a |
| 20 |
> bug in the implementation that is fixed. |
| 21 |
|
| 22 |
The point of EAPI is to avoid these kinds of problems. The process is |
| 23 |
failing and the fallout needs to be handled. |
| 24 |
|
| 25 |
-- |
| 26 |
Ciaran McCreesh |
Archives