| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 28/08/13 08:46 AM, hasufell wrote: |
| 5 |
> I want the council to make clear whether useflags that are: |
| 6 |
> |
| 7 |
> * unsupported by the maintainer * are known to break the build or |
| 8 |
> application at runtime * introduce security vulnerabilities |
| 9 |
> |
| 10 |
> are allowed to remain unmasked in stable packages. |
| 11 |
> |
| 12 |
> |
| 13 |
|
| 14 |
How are USE flags unsupported by the maintainer? You mean, use flags |
| 15 |
that enable patches or alternative code that upstream doesn't |
| 16 |
intend/support? |
| 17 |
|
| 18 |
Do you have a few good examples? |
| 19 |
|
| 20 |
- ---- |
| 21 |
|
| 22 |
As per the rest, I see no reason why they shouldn't be allowed to be |
| 23 |
set in stable as long as #1 - they aren't enabled by default, #2 - |
| 24 |
they aren't a global USE flag, and #3 - there's something in metadata |
| 25 |
to say that they can break things and/or cause insecurity. |
| 26 |
|
| 27 |
Case in point -- dev-lang/spidermonkey-1.8.5 and above has |
| 28 |
USE="debug", which can cause lots of runtime breakage to rdeps that |
| 29 |
use the lib (mainly because upstreams don't bother to ensure their |
| 30 |
code is 100% compliant to the lib), but is a -very necessary- feature |
| 31 |
if anyone is developing code that uses spidermonkey in order to debug |
| 32 |
it (the reason for a segfault is impossible to find otherwise). I'd |
| 33 |
rather not mask that flag for stable. |
| 34 |
|
| 35 |
I suppose also #4 - rdeps shouldn't require the flag applies as well, |
| 36 |
but since the easiest way to enforce that would be to mask the flag |
| 37 |
i'm going to ignore that argument :) |
| 38 |
-----BEGIN PGP SIGNATURE----- |
| 39 |
Version: GnuPG v2.0.20 (GNU/Linux) |
| 40 |
|
| 41 |
iF4EAREIAAYFAlId/DsACgkQ2ugaI38ACPDLsQD/aIqvFTp7BLM8xlatd8iDDwJj |
| 42 |
bSWRhUYXzfJtsJuxhAcA/3osy8hVPeKlNcxpBrgKwcLh7ckLzmBu5QG8Y/8Bxb2B |
| 43 |
=V4Qf |
| 44 |
-----END PGP SIGNATURE----- |
Archives