| 1 |
> The process for getting unstable ebuilds from bugzilla to portage could |
| 2 |
> even be automated to the extent that when an ebuild is put into |
| 3 |
> bugzilla it gets auto committed to the tree but masked unstable. |
| 4 |
|
| 5 |
I don't think that auto committing user submitted ebuilds is safe, |
| 6 |
even if they are masked. For instance, someone could put something |
| 7 |
malicious in global scope in the ebuild. Stuff in global scope gets |
| 8 |
interpreted whenever the ebuild is sourced. More info on scope: |
| 9 |
http://www.gentoolinux.org/proj/en/devrel/handbook/handbook.xml?part=3&chap=1#doc_chap3_sect4 |
| 10 |
|
| 11 |
-Thomas |
| 12 |
|
| 13 |
-- |
| 14 |
gentoo-dev@g.o mailing list |
Archives