Archives
Archives
| From: | Anna Vyalkova <cyber+gentoo@×××××.in> | ||
|---|---|---|---|
| To: | gentoo-project@l.g.o | ||
| Subject: | Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13 | ||
| Date: | Mon, 14 Feb 2022 17:45:06 | ||
| Message-Id: | YgqVHRwc+ZfG5eDy@sysrq.in | ||
| In Reply to: | Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13 by "Robin H. Johnson" |
||
| 1 | On 2022-02-13 07:37, Robin H. Johnson wrote: |
| 2 | > - Is it easy enough for any overlay author to use? |
| 3 | > - How are you going to trust every overlay's repacking of the distfiles: |
| 4 | > that they didn't include malicious code in the distfile, that wouldn't |
| 5 | > be caught in a review of the ebuild? |
| 6 | |
| 7 | As an overlay contributor myself, I'd contact upstream and ask them to |
| 8 | run "go mod vendor". If they care about Linux distributions and getting |
| 9 | their stuff in the repos, they'll do it. |