1 |
On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger <vapier@g.o> wrote: |
2 |
> On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote: |
3 |
>> To fix this problem sqlite upstream made a specific change allowing a |
4 |
>> #pragma to be used to define where secure-delete is required, avoiding |
5 |
>> the need to use secure-delete *everywhere*. |
6 |
> |
7 |
> so what you're saying is that this USE flag can die once people fix/update |
8 |
> their packages |
9 |
> -mike |
10 |
> |
11 |
|
12 |
What I'm saying is that mozilla team will not do it unless you either: |
13 |
|
14 |
(a) You convince/bribe/cluebat upstream (we've tried and failed), or |
15 |
(b) You write a patch that you promise to maintain forever with quick |
16 |
responses for security bumps |
17 |
|
18 |
Keep in mind that firefox usually only works with a very narrow range |
19 |
of sqlite versions. If it's too low, it won't compile, or have runtime |
20 |
failures (when they forget to update the min system-sqlite version). |
21 |
If it's too high, it'll have strange runtime bugs since firefox relies |
22 |
too heavily on existing sqlite behaviour[1]. |
23 |
|
24 |
1. https://bugzilla.mozilla.org/show_bug.cgi?id=583611 |
25 |
-- |
26 |
~Nirbheek Chauhan |
27 |
|
28 |
Gentoo GNOME+Mozilla Team |