| 1 |
On Wednesday 20 June 2007, Olivier Crête wrote: |
| 2 |
> On Wed, 2007-20-06 at 18:28 -0400, Mike Frysinger wrote: |
| 3 |
> > On Wednesday 20 June 2007, Olivier Crête wrote: |
| 4 |
> > > On Wed, 2007-20-06 at 17:19 -0400, Mike Frysinger wrote: |
| 5 |
> > > > the use of the binpkg is not an issue, it's the creation ... people |
| 6 |
> > > > blindly creating tbz2's which could contain their sensitive files and |
| 7 |
> > > > posting them |
| 8 |
> > > > |
| 9 |
> > > > i'll just go ahead with the feedback from Olivier and have quickpkg |
| 10 |
> > > > skip CONFIG_PROTECT by default |
| 11 |
> > > |
| 12 |
> > > This will by default create potentially broken packages (since many |
| 13 |
> > > just wont work without their CONFIG_PROTECTed files). That's why I |
| 14 |
> > > suggested a big fat warning and accepting that we can't protect users |
| 15 |
> > > against themselves or against social engineering (aka their own |
| 16 |
> > > stupidity). |
| 17 |
> > |
| 18 |
> > i think this would only be an issue where quickpkg is being run |
| 19 |
> > non-interactively and the output not being reviewed (which i also dont |
| 20 |
> > think is a common scenario for quickpkg) ... the new output of quickpkg |
| 21 |
> > will be explicit in what it is (or isnt) doing so there wont be any issue |
| 22 |
> > of "drive by" social engineering |
| 23 |
> |
| 24 |
> Well, I often use quickpkg when I want to try a new version of a package |
| 25 |
> (I quickpkg the currently installed one.. and I want to keep all the |
| 26 |
> config files). Then I emerge the new one, and I absolutely want to be |
| 27 |
> able to restore the config files if I want to revert to an older |
| 28 |
> version, either because they have been broken by the pkg_postinst or |
| 29 |
> something else. I still haven't heard a good reason to change anything |
| 30 |
> thats not the printing in quickpkg. |
| 31 |
|
| 32 |
i didnt say i was going to be disallowing this, i said i'd be making it no |
| 33 |
longer the default behavior ... what you want to do will still be perfectly |
| 34 |
possible |
| 35 |
|
| 36 |
> > as for dubbing people who are successfully socially engineered "stupid", |
| 37 |
> > i dont really think that's appropriate ... consider noobs on irc in |
| 38 |
> > #gentoo who just want to help and havent learned their way around yet. |
| 39 |
> > are they stupid (well they might be, but lets give them the benefit of |
| 40 |
> > the doubt) ? i'd liken the situation to a kid growing up ... kids arent |
| 41 |
> > stupid, they lack experience and calling them stupid isnt constructive |
| 42 |
> |
| 43 |
> I'm not calling anyone stupid... but I'm talking of our inner stupidity |
| 44 |
> (which we all have)... |
| 45 |
|
| 46 |
ah, zen stupidity |
| 47 |
-mike |
Archives