Gentoo Archives: gentoo-dev

From: Ciaran McCreesh <ciaranm@×××××××.org>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [soc] Python bindings for Paludis
Date: Sat, 31 Mar 2007 22:45:32
Message-Id: 20070331233940.1cbf0a71@snowflake
In Reply to: [gentoo-dev] Re: [soc] Python bindings for Paludis by Steve Long
1 On Sat, 31 Mar 2007 23:27:19 +0100
2 Steve Long <slong@××××××××××××××××××.uk> wrote:
3 > Stephen Bennett wrote:
4 > > ... Gentoo developers can take the latest release of said package
5 > > manager and continue development from that. That's the wonderful
6 > > thing about the GPL, no?
7 >
8 > Too late for all the affected users tho. Point is it's a major
9 > security hole which no sane organisation would even consider for
10 > mission-critical code.
12 Do you really think anyone checks every last line of code in every
13 release of every system package? Sneaking in a check
14 for /etc/gentoo-release with a time-delayed nasty into a widely used
15 package wouldn't be particularly hard for anyone serious... Heck,
16 getting oneself recruited under a pseudonym and sneaking some very
17 nasty global scope code into the tree wouldn't be particularly hard for
18 anyone serious...
20 These arguments are getting weaker and weaker...
22 --
23 Ciaran McCreesh


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] Re: [soc] Python bindings for Paludis Mike Frysinger <vapier@g.o>