Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: "Diego Elio Pettenò" <flameeyes@×××××××××.eu>
To: "gentoo-dev@l.g.o" <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8
Date: Fri, 08 Nov 2013 15:18:48
Message-Id: CAHcsgXS-qc+rFp5G0jvWWF=KtPwSQsa5GqYFgOxLgM50EynGhw@mail.gmail.com
In Reply to: [gentoo-dev] removing vulnerable versions of dev-lang/v8 by "Paweł Hajdan
1 On Fri, Nov 8, 2013 at 5:22 AM, "Paweł Hajdan, Jr."
2 <phajdan.jr@g.o>wrote:
3
4 > Problem #1 is that sci-geosciences/osgearth-2.4 depends on
5 > =dev-lang/v8-3.18.5.14 (see
6 > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It
7 > doesn't work with more recent v8, but it can be made to not depend on v8.
8 >
9
10 If "made not to depend" means "bundle", is the bundled version any safer
11 than the ebuild there? If the answer is no, you're now increasing the
12 security issue.
13
14 Diego Elio Pettenò — Flameeyes
15 flameeyes@×××××××××.eu — http://blog.flameeyes.eu/

Replies

Subject Author
Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8 Peter Stuge <peter@×××××.se>
Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8 hasufell <hasufell@g.o>
Report Message
Find on MARC Find on Google Groups