1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 11/08/2013 04:18 PM, Diego Elio Pettenò wrote: |
5 |
> |
6 |
> On Fri, Nov 8, 2013 at 5:22 AM, "Paweł Hajdan, Jr." |
7 |
> <phajdan.jr@g.o <mailto:phajdan.jr@g.o>> wrote: |
8 |
> |
9 |
> Problem #1 is that sci-geosciences/osgearth-2.4 depends on |
10 |
> =dev-lang/v8-3.18.5.14 (see |
11 |
> <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It |
12 |
> doesn't work with more recent v8, but it can be made to not depend |
13 |
> on v8. |
14 |
> |
15 |
> |
16 |
> If "made not to depend" means "bundle", is the bundled version any |
17 |
> safer than the ebuild there? If the answer is no, you're now |
18 |
> increasing the security issue. |
19 |
> |
20 |
> Diego Elio Pettenò — Flameeyes flameeyes@×××××××××.eu |
21 |
> <mailto:flameeyes@×××××××××.eu> — http://blog.flameeyes.eu/ |
22 |
|
23 |
|
24 |
https://github.com/gwaldron/osgearth/issues/333 |
25 |
|
26 |
in short: they kind of forked (I am not sure if there are any major |
27 |
modifications yet) it and do not plan to bundle it |
28 |
|
29 |
there is no release more current than osgearth-2.4, so I am fine with |
30 |
hardmasking/treecleaning osgearth |
31 |
|
32 |
I will not maintain a fork of v8. |
33 |
-----BEGIN PGP SIGNATURE----- |
34 |
Version: GnuPG v2.0.22 (GNU/Linux) |
35 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
36 |
|
37 |
iQEcBAEBAgAGBQJSfVxtAAoJEFpvPKfnPDWzZ7EH/ib4oZPMLUTYDU0gvkC2NL9o |
38 |
XVvaSdD2lWbAi6ZTwS7RCqygGWoUu5duM4qAOpb/i+KcBgvmXiyDuoOarVFea0PW |
39 |
Si1StRzYf2aVitbdjTqUYlmynX5yiNFvnx5J3knZegzVpm1A9n2Dq2dnIeG7C7zO |
40 |
waWurRsOAdL+XAU3tNot1TepyZwojB3xz3w9k0YtuTTwHRX2vGQ7XM1MOnr9jrOy |
41 |
Is4x5naeau7P4t7Doi5+y9zj5ydshmEHeRm5Upt3DB6JO1WmPdA+8Z4ZmcOLiWUu |
42 |
tBLSqpxSf6TGaUbOop7hNWDWl8ptfrzoSyQjTu6fLHLSo+SMH4qToSEdOlpkqyc= |
43 |
=0K7T |
44 |
-----END PGP SIGNATURE----- |