Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo development <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] qa last rites multiple packages
Date: Wed, 07 Jan 2015 12:57:04
Message-Id: CAGfcS_kwbNAMmr=KgRF0p7EcXt1DWXqKF+NXEeNLfMTP70ipXQ@mail.gmail.com
In Reply to: [gentoo-dev] qa last rites multiple packages by William Hubbs
1 On Tue, Jan 6, 2015 at 6:47 PM, William Hubbs <williamh@g.o> wrote:
2 >
3 > I am particularly concerned about packages with known security
4 > vulnerabilities staying in the main tree masked. If people want to keep
5 > using those packages, I don't want to stop them, but packages like this
6 > should not be in the main tree.
7 >
8
9 Is this policy documented anywhere? If not, I'd be interested in what
10 the general sense of the community is here, and this might be an
11 appropriate topic for the next Council meeting.
12
13 I guess my question is what harm does it cause to have masked packages
14 in the main tree, where they at least benefit from other forms of QA
15 (eclass fixes, etc)? The mask messages clearly point out the security
16 issues, so anybody who unmasks them is making an informed decision.
17 If they just move to some overlay most likely they won't have any
18 warnings and people will just figure that they're one of 10k other
19 packages that someone doesn't want to bother getting into the tree.
20
21 I'll go ahead and reply to the council agenda thread with this, and
22 I'd be interested in what the general sense of the rest of the
23 community is here.
24
25 --
26 Rich

Replies

Subject Author
Re: [gentoo-dev] qa last rites multiple packages Alan McKinnon <alan.mckinnon@×××××.com>