| 1 |
On Mon, Jul 1, 2013 at 1:56 PM, Tom Wijsman <TomWij@g.o> wrote: |
| 2 |
> On Mon, 1 Jul 2013 19:38:48 +0100 |
| 3 |
> Markos Chandras <hwoarang@g.o> wrote: |
| 4 |
> |
| 5 |
>> I certainly don't feel safe anymore running non-upstream code in |
| 6 |
>> production boxes. |
| 7 |
> |
| 8 |
> You don't run it unless you explicitly tick on that you want |
| 9 |
> experimental functionality _as well as_ the optional features in |
| 10 |
> question; as I said earlier on chat, I don't understand your point here. |
| 11 |
> |
| 12 |
> If you don't enable them, genpatches is just like it is before; I'm |
| 13 |
> not sure why the recommendations should change here, especially with |
| 14 |
> vanilla-sources taking a further step away from Gentoo Security and QA. |
| 15 |
> |
| 16 |
|
| 17 |
Tom, |
| 18 |
|
| 19 |
I think the point was well-made by grehkh. If the patchset patches the |
| 20 |
kernel's core, it doesn't matter what CONFIG_* option is set the core |
| 21 |
kernel code _has_now_been_changed_. This is the crux of the argument, |
| 22 |
I believe. AUFS simply being one example of this. I'm sure there are |
| 23 |
others. |
| 24 |
|
| 25 |
-- |
| 26 |
Matthew W. Summers |
| 27 |
Gentoo Foundation Inc. |
| 28 |
GPG: 111B C438 35FA EDB5 B5D3 736F 45EE 5DC0 0878 9D46 |
Archives