From: | "Diego Elio Pettenò" <flameeyes@×××××××××.eu> | ||
---|---|---|---|
To: | "gentoo-dev@l.g.o" <gentoo-dev@l.g.o> | ||
Subject: | Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8 | ||
Date: | Fri, 08 Nov 2013 15:18:48 | ||
Message-Id: | CAHcsgXS-qc+rFp5G0jvWWF=KtPwSQsa5GqYFgOxLgM50EynGhw@mail.gmail.com | ||
In Reply to: | [gentoo-dev] removing vulnerable versions of dev-lang/v8 by "Paweł Hajdan |
1 | On Fri, Nov 8, 2013 at 5:22 AM, "Paweł Hajdan, Jr." |
2 | <phajdan.jr@g.o>wrote: |
3 | |
4 | > Problem #1 is that sci-geosciences/osgearth-2.4 depends on |
5 | > =dev-lang/v8-3.18.5.14 (see |
6 | > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It |
7 | > doesn't work with more recent v8, but it can be made to not depend on v8. |
8 | > |
9 | |
10 | If "made not to depend" means "bundle", is the bundled version any safer |
11 | than the ebuild there? If the answer is no, you're now increasing the |
12 | security issue. |
13 | |
14 | Diego Elio Pettenò — Flameeyes |
15 | flameeyes@×××××××××.eu — http://blog.flameeyes.eu/ |
Subject | Author |
---|---|
Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8 | Peter Stuge <peter@×××××.se> |
Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8 | hasufell <hasufell@g.o> |