On Mon, Jul 1, 2013 at 1:56 PM, Tom Wijsman <TomWij@g.o> wrote:
> On Mon, 1 Jul 2013 19:38:48 +0100
> Markos Chandras <hwoarang@g.o> wrote:
>
>> I certainly don't feel safe anymore running non-upstream code in
>> production boxes.
>
> You don't run it unless you explicitly tick on that you want
> experimental functionality _as well as_ the optional features in
> question; as I said earlier on chat, I don't understand your point here.
>
> If you don't enable them, genpatches is just like it is before; I'm
> not sure why the recommendations should change here, especially with
> vanilla-sources taking a further step away from Gentoo Security and QA.
>

Tom,

I think the point was well-made by grehkh. If the patchset patches the
kernel's core, it doesn't matter what CONFIG_* option is set; the core
kernel code _has_now_been_changed_. This is the crux of the argument,
I believe. AUFS simply being one example of this. I'm sure there are
others.

--
Matthew W. Summers
Gentoo Foundation Inc.
GPG: 111B C438 35FA EDB5 B5D3 736F 45EE 5DC0 0878 9D46