1 |
On Tuesday, October 05, 2010 23:04:32 Nirbheek Chauhan wrote: |
2 |
> On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger wrote: |
3 |
> > On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote: |
4 |
> >> To fix this problem sqlite upstream made a specific change allowing a |
5 |
> >> #pragma to be used to define where secure-delete is required, avoiding |
6 |
> >> the need to use secure-delete *everywhere*. |
7 |
> > |
8 |
> > so what you're saying is that this USE flag can die once people |
9 |
> > fix/update their packages |
10 |
> |
11 |
> What I'm saying is that mozilla team will not do it unless you either: |
12 |
> |
13 |
> (a) You convince/bribe/cluebat upstream (we've tried and failed), or |
14 |
> (b) You write a patch that you promise to maintain forever with quick |
15 |
> responses for security bumps |
16 |
> |
17 |
> Keep in mind that firefox usually only works with a very narrow range |
18 |
> of sqlite versions. If it's too low, it won't compile, or have runtime |
19 |
> failures (when they forget to update the min system-sqlite version). |
20 |
> If it's too high, it'll have strange runtime bugs since firefox relies |
21 |
> too heavily on existing sqlite behaviour[1]. |
22 |
|
23 |
so getting back to the original question: no, this should not be a global USE |
24 |
flag, and yes, this local flag should die. |
25 |
-mike |