| 1 |
Diego Elio Pettenò wrote: |
| 2 |
> > Problem #1 is that sci-geosciences/osgearth-2.4 depends on |
| 3 |
> > =dev-lang/v8-3.18.5.14 (see |
| 4 |
> > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It |
| 5 |
> > doesn't work with more recent v8, but it can be made to not depend on v8. |
| 6 |
> |
| 7 |
> If "made not to depend" means "bundle", is the bundled version any safer |
| 8 |
> than the ebuild there? If the answer is no, you're now increasing the |
| 9 |
> security issue. |
| 10 |
|
| 11 |
Based on my previous impression I OTOH assumed that Paweł meant |
| 12 |
disabling use of v8, but since I don't use either package I didn't |
| 13 |
look at the bug. |
| 14 |
|
| 15 |
Your email made me more curious, and as Paweł wrote the bug gives |
| 16 |
plenty of context, among other things Paweł has attached a patch |
| 17 |
there to disable v8 in osgearth. |
| 18 |
|
| 19 |
I think it's commendable that he doesn't settle for simply masking |
| 20 |
osgearth along with v8. |
| 21 |
|
| 22 |
|
| 23 |
//Peter |
Archives