| 1 |
On Tuesday, October 05, 2010 23:04:32 Nirbheek Chauhan wrote: |
| 2 |
> On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger wrote: |
| 3 |
> > On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote: |
| 4 |
> >> To fix this problem sqlite upstream made a specific change allowing a |
| 5 |
> >> #pragma to be used to define where secure-delete is required, avoiding |
| 6 |
> >> the need to use secure-delete *everywhere*. |
| 7 |
> > |
| 8 |
> > so what you're saying is that this USE flag can die once people |
| 9 |
> > fix/update their packages |
| 10 |
> |
| 11 |
> What I'm saying is that mozilla team will not do it unless you either: |
| 12 |
> |
| 13 |
> (a) You convince/bribe/cluebat upstream (we've tried and failed), or |
| 14 |
> (b) You write a patch that you promise to maintain forever with quick |
| 15 |
> responses for security bumps |
| 16 |
> |
| 17 |
> Keep in mind that firefox usually only works with a very narrow range |
| 18 |
> of sqlite versions. If it's too low, it won't compile, or have runtime |
| 19 |
> failures (when they forget to update the min system-sqlite version). |
| 20 |
> If it's too high, it'll have strange runtime bugs since firefox relies |
| 21 |
> too heavily on existing sqlite behaviour[1]. |
| 22 |
|
| 23 |
so getting back to the original question: no, this should not be a global USE |
| 24 |
flag, and yes, this local flag should die. |
| 25 |
-mike |
Archives