On 09/22/2017 05:51 PM, R0b0t1 wrote:
> On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny <mgorny@g.o> wrote:
>> [1]:https://wiki.gentoo.org/wiki/Project:Sandbox
>>
>
> I think I understand, in principle, why a sandbox could be useful, but
> would it not be more productive to follow up with projects which do
> unexpected things to ask that they not do those things?
>

The sandbox isn't a security feature, it's more of a QA tool. How do you
*know* when the upstream project does something wrong? See, for example,

https://bugs.gentoo.org/599706

The sandbox doesn't catch something, and the upstream project dropped
DESTDIR from its build system. The result? /usr/bin is now owned by the
"nagios" user. Of course the upstream build system shouldn't be making
/usr/bin owned by nagios, but it would take you a good long time to
notice it without the sandbox.