| 1 |
On Fri, Nov 30, 2012 at 4:13 PM, Tomá¹ Chvátal <tomas.chvatal@×××××.com> wrote: |
| 2 |
> Dne Pá 30. listopadu 2012 20:37:22, Pacho Ramos napsal(a): |
| 3 |
>> media-sound/logitechmediaserver-bin -> this package is "special", it's |
| 4 |
>> maintained by a proxy maintainer but it was reassigned to |
| 5 |
>> maintainer-needed instead of proxy-maint herd. Was reviewing to reassign |
| 6 |
>> it when I saw: |
| 7 |
>> https://bugs.gentoo.org/show_bug.cgi?id=251494 |
| 8 |
>> |
| 9 |
>> that I have no idea about how to handle :| |
| 10 |
> |
| 11 |
> Simple, |
| 12 |
> add hardmaks explaining possible secuirty issues due to bundling earth&heaven, |
| 13 |
> and then let the proxymaintainer play with it if he wants. |
| 14 |
> |
| 15 |
> The mask will be lifted only under condition these issues are fixed. |
| 16 |
> People can unmask quite easily if they want, we don't need everything in |
| 17 |
> stable :-) |
| 18 |
|
| 19 |
I can't say that I agree with this needing to be masked. If it HAS a |
| 20 |
known security issue, then mask it. If the only issue is that it |
| 21 |
bundles too many libs, well, then just stick an ewarn in there or |
| 22 |
something but make it the user's call. |
| 23 |
|
| 24 |
Should we mask chrome while we're at it (and yes, I'm aware that the |
| 25 |
chromium team is doing their best to remove these, but there are MANY |
| 26 |
left)? How about mythtv - that bundles ffmpeg? |
| 27 |
|
| 28 |
Yes, it is lousy practice, but our options are to change the world, |
| 29 |
practically fork upstream, or refuse to include useful packages. It |
| 30 |
is admirable when we can remove bundled libs, but this should not be |
| 31 |
mandatory for having a package in the tree. Actual security issues |
| 32 |
should be fixed, of course, or masked. |
| 33 |
|
| 34 |
Sure, it ain't perfect or pretty, but it works. And when dealing with |
| 35 |
outsiders, whether they are proxy maintainers or our founder, can we |
| 36 |
at least try to be polite? |
| 37 |
|
| 38 |
Rich |
Archives