1 |
On Tue, 10 Jun 2008 15:36:58 +0100 |
2 |
Robert Bridge <robert@××××××××.com> wrote: |
3 |
> So relying on the file extension seems to be a recipe for |
4 |
> misunderstanding. Why limit the functionality of the package manager |
5 |
> to rely on the file names? How do you protect the package manager |
6 |
> from a malicious ebuild masquerading under the wrong EAPI? Relying on |
7 |
> the file name for information is the kind of design decision we laugh |
8 |
> at in Windows, so why adopt it here? |
9 |
|
10 |
There is no protection against malicious ebuilds. Malicious ebuilds |
11 |
already run code as root when you install them. Being able to get an |
12 |
ebuild run with the wrong EAPI is utterly irrelevant. |
13 |
|
14 |
-- |
15 |
Ciaran McCreesh |