On Fri, Nov 30, 2012 at 4:13 PM, Tomáš Chvátal <tomas.chvatal@×××××.com> wrote:
> On Fri, 30 November 2012 20:37:22, Pacho Ramos wrote:
>> media-sound/logitechmediaserver-bin -> this package is "special", it's
>> maintained by a proxy maintainer but it was reassigned to
>> maintainer-needed instead of proxy-maint herd. Was reviewing to reassign
>> it when I saw:
>> https://bugs.gentoo.org/show_bug.cgi?id=251494
>>
>> that I have no idea about how to handle :|
>
> Simple,
> add hardmask explaining possible security issues due to bundling earth&heaven,
> and then let the proxymaintainer play with it if he wants.
>
> The mask will be lifted only under condition these issues are fixed.
> People can unmask quite easily if they want, we don't need everything in
> stable :-)
|
I can't say that I agree with this needing to be masked. If it HAS a
known security issue, then mask it. If the only issue is that it
bundles too many libs, well, then just stick an ewarn in there or
something but make it the user's call.

Should we mask chrome while we're at it (and yes, I'm aware that the
chromium team is doing their best to remove these, but there are MANY
left)? How about mythtv - that bundles ffmpeg?

Yes, it is lousy practice, but our options are to change the world,
practically fork upstream, or refuse to include useful packages. It
is admirable when we can remove bundled libs, but this should not be
mandatory for having a package in the tree. Actual security issues
should be fixed, of course, or masked.

Sure, it ain't perfect or pretty, but it works. And when dealing with
outsiders, whether they are proxy maintainers or our founder, can we
at least try to be polite?

Rich