1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA256 |
3 |
|
4 |
On 28/08/13 08:46 AM, hasufell wrote: |
5 |
> I want the council to make clear whether useflags that are: |
6 |
> |
7 |
> * unsupported by the maintainer * are known to break the build or |
8 |
> application at runtime * introduce security vulnerabilities |
9 |
> |
10 |
> are allowed to remain unmasked in stable packages. |
11 |
> |
12 |
> |
13 |
|
14 |
How are USE flags unsupported by the maintainer? You mean, use flags |
15 |
that enable patches or alternative code that upstream doesn't |
16 |
intend/support? |
17 |
|
18 |
Do you have a few good examples? |
19 |
|
20 |
- ---- |
21 |
|
22 |
As per the rest, I see no reason why they shouldn't be allowed to be |
23 |
set in stable as long as #1 - they aren't enabled by default, #2 - |
24 |
they aren't a global USE flag, and #3 - there's something in metadata |
25 |
to say that they can break things and/or cause insecurity. |
26 |
|
27 |
Case in point -- dev-lang/spidermonkey-1.8.5 and above has |
28 |
USE="debug", which can cause lots of runtime breakage to rdeps that |
29 |
use the lib (mainly because upstreams don't bother to ensure their |
30 |
code is 100% compliant to the lib), but is a -very necessary- feature |
31 |
if anyone is developing code that uses spidermonkey in order to debug |
32 |
it (the reason for a segfault is impossible to find otherwise). I'd |
33 |
rather not mask that flag for stable. |
34 |
|
35 |
I suppose also #4 - rdeps shouldn't require the flag applies as well, |
36 |
but since the easiest way to enforce that would be to mask the flag |
37 |
i'm going to ignore that argument :) |
38 |
-----BEGIN PGP SIGNATURE----- |
39 |
Version: GnuPG v2.0.20 (GNU/Linux) |
40 |
|
41 |
iF4EAREIAAYFAlId/DsACgkQ2ugaI38ACPDLsQD/aIqvFTp7BLM8xlatd8iDDwJj |
42 |
bSWRhUYXzfJtsJuxhAcA/3osy8hVPeKlNcxpBrgKwcLh7ckLzmBu5QG8Y/8Bxb2B |
43 |
=V4Qf |
44 |
-----END PGP SIGNATURE----- |