| 1 |
Hi Chris, |
| 2 |
|
| 3 |
On 10/31/06, Chris Gianelloni <wolf31o2@g.o> wrote: |
| 4 |
> On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: |
| 5 |
> > 3) ?? |
| 6 |
> |
| 7 |
> Get your hands on some of the minority arch hardware and help out? |
| 8 |
|
| 9 |
It's a good idea. It's not an option for me, but hopefully others |
| 10 |
will follow your advice. |
| 11 |
|
| 12 |
Personally, I like the idea of package maintainers updating old |
| 13 |
ebuilds with a prominent warning that the package is known to have |
| 14 |
security holes, and then leaving it to the user to decide whether or |
| 15 |
not to use the package. A suitable elog message (pointing the user at |
| 16 |
the security bugs in question, and warning them that the package is |
| 17 |
now unsupported as a result) in pkg_setup would do the trick. |
| 18 |
|
| 19 |
If there's any interest in this solution, it'd wouldn't take very long |
| 20 |
to add a suitable function to the eutils eclass, so that we can |
| 21 |
standardise the behaviour. |
| 22 |
|
| 23 |
Of course, it'd be even better if Portage itself could support this, |
| 24 |
so that the warning could occur without manual intervention. But in |
| 25 |
the meantime, adding a simple 'einsecure' function would be |
| 26 |
sufficient. |
| 27 |
|
| 28 |
Any interest? |
| 29 |
|
| 30 |
Best regards, |
| 31 |
Stu |
| 32 |
-- |
| 33 |
-- |
| 34 |
gentoo-dev@g.o mailing list |
Archives