1 |
Diego Elio Pettenò wrote: |
2 |
> > Problem #1 is that sci-geosciences/osgearth-2.4 depends on |
3 |
> > =dev-lang/v8-3.18.5.14 (see |
4 |
> > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It |
5 |
> > doesn't work with more recent v8, but it can be made to not depend on v8. |
6 |
> |
7 |
> If "made not to depend" means "bundle", is the bundled version any safer |
8 |
> than the ebuild there? If the answer is no, you're now increasing the |
9 |
> security issue. |
10 |
|
11 |
Based on my previous impression I OTOH assumed that Paweł meant |
12 |
disabling use of v8, but since I don't use either package I didn't |
13 |
look at the bug. |
14 |
|
15 |
Your email made me more curious, and as Paweł wrote the bug gives |
16 |
plenty of context, among other things Paweł has attached a patch |
17 |
there to disable v8 in osgearth. |
18 |
|
19 |
I think it's commendable that he doesn't settle for simply masking |
20 |
osgearth along with v8. |
21 |
|
22 |
|
23 |
//Peter |