1 |
On Wednesday 20 June 2007, Olivier Crête wrote: |
2 |
> On Wed, 2007-20-06 at 17:19 -0400, Mike Frysinger wrote: |
3 |
> > the use of the binpkg is not an issue, it's the creation ... people |
4 |
> > blindly creating tbz2's which could contain their sensitive files and |
5 |
> > posting them |
6 |
> > |
7 |
> > i'll just go ahead with the feedback from Olivier and have quickpkg skip |
8 |
> > CONFIG_PROTECT by default |
9 |
> |
10 |
> This will by default create potentially broken packages (since many just |
11 |
> wont work without their CONFIG_PROTECTed files). That's why I suggested |
12 |
> a big fat warning and accepting that we can't protect users against |
13 |
> themselves or against social engineering (aka their own stupidity). |
14 |
|
15 |
i think this would only be an issue where quickpkg is being run |
16 |
non-interactively and the output not being reviewed (which i also dont think |
17 |
is a common scenario for quickpkg) ... the new output of quickpkg will be |
18 |
explicit in what it is (or isnt) doing so there wont be any issue of "drive |
19 |
by" social engineering |
20 |
|
21 |
as for dubbing people who are successfully socially engineered "stupid", i |
22 |
dont really think that's appropriate ... consider noobs on irc in #gentoo who |
23 |
just want to help and havent learned their way around yet. are they stupid |
24 |
(well they might be, but lets give them the benefit of the doubt) ? i'd |
25 |
liken the situation to a kid growing up ... kids arent stupid, they lack |
26 |
experience and calling them stupid isnt constructive |
27 |
-mike |