1 |
Ciaran McCreesh wrote: |
2 |
> On Wed, 20 Jun 2007 15:19:46 -0500 |
3 |
> Andrew Gaffney <agaffney@g.o> wrote: |
4 |
>> I'm not sure that's really a feasible solution (but then you probably |
5 |
>> weren't suggesting it with that intention). Being able to create a |
6 |
>> "backup" of any installed package without re-emerging is pretty |
7 |
>> handy. Many people use it and there would be a revolt if quickpkg |
8 |
>> were removed. |
9 |
> |
10 |
> Then live-filesystem-generated packages could be marked as 'not for |
11 |
> redistribution'. |
12 |
|
13 |
That's certainly a lot more feasible. However, it would have to be marked in |
14 |
some way that portage would recognize, and that marking could still likely be |
15 |
easily removed. |
16 |
|
17 |
This still allows the social engineering attack. Someone can get a binpkg |
18 |
created with quickpkg of someone else's baselayout and then remove the marking |
19 |
that would make portage gripe. |
20 |
|
21 |
-- |
22 |
Andrew Gaffney http://dev.gentoo.org/~agaffney/ |
23 |
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator |
24 |
-- |
25 |
gentoo-dev@g.o mailing list |