| 1 |
On 09/22/2017 05:51 PM, R0b0t1 wrote: |
| 2 |
> On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny <mgorny@g.o> wrote: |
| 3 |
>> [1]:https://wiki.gentoo.org/wiki/Project:Sandbox |
| 4 |
>> |
| 5 |
> |
| 6 |
> I think I understand, in principle, why a sandbox could be useful, but |
| 7 |
> would it not be more productive to follow up with projects which do |
| 8 |
> unexpected things to ask that they not do those things? |
| 9 |
> |
| 10 |
|
| 11 |
The sandbox isn't a security feature, it's more of a QA tool. How do you |
| 12 |
*know* when the upstream project does something wrong? See, for example, |
| 13 |
|
| 14 |
https://bugs.gentoo.org/599706 |
| 15 |
|
| 16 |
The sandbox doesn't catch something, and the upstream project dropped |
| 17 |
DESTDIR from its build system. The result? /usr/bin is now owned by the |
| 18 |
"nagios" user. Of course the upstream build system shouldn't be making |
| 19 |
/usr/bin owned by nagios, but it would take you a good long time to |
| 20 |
notice it without the sandbox. |
Archives