From: | Anna Vyalkova <cyber+gentoo@×××××.in> | ||
---|---|---|---|
To: | gentoo-project@l.g.o | ||
Subject: | Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13 | ||
Date: | Mon, 14 Feb 2022 17:45:06 | ||
Message-Id: | YgqVHRwc+ZfG5eDy@sysrq.in | ||
In Reply to: | Re: [gentoo-project] Call for agenda items - Council meeting on 2022-02-13 by "Robin H. Johnson" |
1 | On 2022-02-13 07:37, Robin H. Johnson wrote: |
2 | > - Is it easy enough for any overlay author to use? |
3 | > - How are you going to trust every overlay's repacking of the distfiles: |
4 | > that they didn't include malicious code in the distfile, that wouldn't |
5 | > be caught in a review of the ebuild? |
6 | |
7 | As an overlay contributor myself, I'd contact upstream and ask them to |
8 | run "go mod vendor". If they care about Linux distributions and getting |
9 | their stuff in the repos, they'll do it. |