| 1 |
On Tue, Oct 31, 2006 at 07:51:00PM +0000, Stuart Herbert wrote: |
| 2 |
> Hi Chris, |
| 3 |
> |
| 4 |
> On 10/31/06, Chris Gianelloni <wolf31o2@g.o> wrote: |
| 5 |
> >On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: |
| 6 |
> >> 3) ?? |
| 7 |
> > |
| 8 |
> >Get your hands on some of the minority arch hardware and help out? |
| 9 |
> |
| 10 |
> It's a good idea. It's not an option for me, but hopefully others |
| 11 |
> will follow your advice. |
| 12 |
> |
| 13 |
> Personally, I like the idea of package maintainers updating old |
| 14 |
> ebuilds with a prominent warning that the package is known to have |
| 15 |
> security holes, and then leaving it to the user to decide whether or |
| 16 |
> not to use the package. A suitable elog message (pointing the user at |
| 17 |
> the security bugs in question, and warning them that the package is |
| 18 |
> now unsupported as a result) in pkg_setup would do the trick. |
| 19 |
|
| 20 |
Rather see the keywords and masking status stripped down to just the |
| 21 |
arches that need that version. |
| 22 |
|
| 23 |
If folks need insecure ebuilds, cvs exists; trying to stick notices in |
| 24 |
is just an attempt to address a symptom, rather then the cause. |
| 25 |
|
| 26 |
That and notices are pretty damn easy to miss ;) |
| 27 |
~harring |
Archives