1 |
On Monday 08 June 2009, Maciej Mrozowski wrote: |
2 |
... |
3 |
> While it usually doesn't do any particular harm (but I guess security |
4 |
> and prefix/alt team won't agree on this) - insanely enabling |
5 |
> everything by default is not the best idea in my opinion. |
6 |
|
7 |
The Security Team supports all use flag combinations, even those not |
8 |
enabled by default. Masked use flags are not supported. As far as |
9 |
proactively disabling certain codecs go, that certainly exploits of |
10 |
certain (disabled) codecs. However, if the user was tricked into |
11 |
downloading a file and will see that he cannot play it due to a missing |
12 |
codec, he might just enable that use flag and rety. |
13 |
The only way to be safe is to minimize the untrusted input to your |
14 |
application, keep it updated, and employ other means of hardening |
15 |
(privilege separation). |
16 |
|
17 |
> Of course we need an example. Let's have a look at latest stable |
18 |
> media- video/mplayer-1.0_rc2_p20090322 ebuild: |
19 |
... |
20 |
> Personally I'd really like to hear some explanation from maintainers |
21 |
> about the reasons mplayer needs all those dependencies or why they |
22 |
> are *really* recommended for every user of *any* profile (let me |
23 |
> remind this). |
24 |
|
25 |
You should see the list of referenced bug reports in the ChangeLog for |
26 |
an explanation: https://bugs.gentoo.org/show_bug.cgi?id=260588 |
27 |
|
28 |
As stated there, all internally supported codecs are enabled, and only |
29 |
very few default USE flags require external deps. |
30 |
|
31 |
> But thats's not the point - the point is, Gentoo probably needs some |
32 |
> policy to advise, when some newly added USE flags are appropriate to |
33 |
> be enabled by default. |
34 |
> |
35 |
> I suggest as follows: |
36 |
> - When newly added USE flag makes already provided feature optional - |
37 |
> needs to be enabled by default (this is required to make package |
38 |
> feature set somewhat invariant after update) |
39 |
> - When newly added USE flag adds new feature that is considered very |
40 |
> common (that's tricky part and decision should be always made by |
41 |
> herd, not individual developer) *but* *does* *not* *pull* *any* |
42 |
> *dependencies* - enable by default - in any other case *do* *not* |
43 |
> *enable* by default - (why? because "I use it so I'll enable it by |
44 |
> default" is not enough of an explanation) |
45 |
> |
46 |
> What's the opinion on that? I guess we need some policy or at least |
47 |
> some suggestion mentioned in devmanual - really.. |
48 |
|
49 |
I am in favor of applying common sense (hah!). An application (and an |
50 |
OS, in general) in the default config should run the common use cases, |
51 |
and some more. It's just as easy to remove a use flag as it is to |
52 |
enable it. |
53 |
And personally, I hate having to enable USE=png on all my desktop |
54 |
machines so I can use a desktop background. Just as much as I hate |
55 |
downloading some video and realizing I forgot to add USE=schroedinger |
56 |
for mplayer, and then wait for a recompile before the fun. |
57 |
|
58 |
|
59 |
Robert |