| 1 |
On 9/12/19 1:43 PM, Mike Gilbert wrote: |
| 2 |
> |
| 3 |
> They do "go away" if you pass the right options to emerge, or if you |
| 4 |
> install it from a binpkg in the first place. |
| 5 |
> |
| 6 |
|
| 7 |
The dependencies are statically linked into the final executable forever |
| 8 |
and receive no security updates. Portage doesn't even know they're |
| 9 |
there. Depclean doesn't do what you think it does in that case. (I'm |
| 10 |
sure you personally understand how this works, but a regular user has no |
| 11 |
idea that we've installed 100MB of vulnerable code on his machine and |
| 12 |
have just abandoned it there.) |
Archives