| 1 |
Zac Medico posted on Sat, 10 Mar 2018 15:16:29 -0800 as excerpted: |
| 2 |
|
| 3 |
> Changes: |
| 4 |
> * First paragraph rewritten by Robin Johnson <robbat2> |
| 5 |
> * Fixes spelling of 'following' reported by Michael Everitt |
| 6 |
> |
| 7 |
> |
| 8 |
> Title: Portage rsync tree verification unstable |
| 9 |
> Author: Zac Medico <zmedico@g.o> |
| 10 |
> Posted: 2018-03-13 |
| 11 |
> Revision: 1 |
| 12 |
> News-Item-Format: 2.0 |
| 13 |
> Display-If-Installed: sys-apps/portage |
| 14 |
> |
| 15 |
> Portage rsync tree verification is being temporarily turned off by |
| 16 |
> default, starting with sys-apps/portage-2.3.24. This permits |
| 17 |
> stabilization of sys-apps/portage-2.3.24 while still working on bugs |
| 18 |
> relating to tree verification [1]: deadlocks [2] & key fetching [3]. |
| 19 |
|
| 20 |
> [...] |
| 21 |
|
| 22 |
With robbat2's first paragraph rewrite the effect isn't quite as bad |
| 23 |
as that of the first draft, but the title still refers to "unstable", |
| 24 |
which in addition to the intended package-stability meaning, has a |
| 25 |
number of more severe and thus unnecessarily alarming meanings not |
| 26 |
intended here. |
| 27 |
|
| 28 |
FWIW, being security minded and knowing verification related to |
| 29 |
security, my own first thought was an app instability due to a |
| 30 |
potentially exploitable buffer-overflow... in code dealing with |
| 31 |
verification and thus potentially remotely triggerable during |
| 32 |
verification itself, definitely more alarming than intended! |
| 33 |
|
| 34 |
Thankfully robbat2's rewrite clarifies in the body now, but |
| 35 |
I still think the title remains overly alarming. |
| 36 |
|
| 37 |
Maybe "... remains unstable" or "not yet stable", as in: |
| 38 |
|
| 39 |
Title: Portage rsync tree verification not yet stable |
| 40 |
|
| 41 |
Or better, refer to the FEATURE flag "rsync-verify" in the title, |
| 42 |
so it's clear it's not a portage/emerge-executable instability, |
| 43 |
and clarify that it's the stable keyword, something like this |
| 44 |
(but might be too long, do those news item short title limits |
| 45 |
still apply?): |
| 46 |
|
| 47 |
Title: Portage rsync-verify feature not yet stable-keyworded |
| 48 |
|
| 49 |
Perhaps omit the -keyworded if that's too long: |
| 50 |
|
| 51 |
Title: Portage rsync-verify feature not yet stable |
| 52 |
|
| 53 |
Feel free to revise further... |
| 54 |
|
| 55 |
-- |
| 56 |
Duncan - List replies preferred. No HTML msgs. |
| 57 |
"Every nonfree program has a lord, a master -- |
| 58 |
and if you use the program, he is your master." Richard Stallman |
Archives