| 1 |
On Tue, 10 Jun 2008 15:36:58 +0100 |
| 2 |
Robert Bridge <robert@××××××××.com> wrote: |
| 3 |
> So relying on the file extension seems to be a recipe for |
| 4 |
> misunderstanding. Why limit the functionality of the package manager |
| 5 |
> to rely on the file names? How do you protect the package manager |
| 6 |
> from a malicious ebuild masquerading under the wrong EAPI? Relying on |
| 7 |
> the file name for information is the kind of design decision we laugh |
| 8 |
> at in Windows, so why adopt it here? |
| 9 |
|
| 10 |
There is no protection against malicious ebuilds. Malicious ebuilds |
| 11 |
already run code as root when you install them. Being able to get an |
| 12 |
ebuild run with the wrong EAPI is utterly irrelevant. |
| 13 |
|
| 14 |
-- |
| 15 |
Ciaran McCreesh |
Archives