1 |
On Thursday 29 June 2006 01:39, David Shakaryan wrote: |
2 |
> Mike Frysinger wrote: |
3 |
> > On Saturday 24 June 2006 18:54, Edward Catmur wrote: |
4 |
> >> * Security (from malicious contributors): Glad to see layman will only |
5 |
> >> track the reviewed/ tree; still, anyone who checks out the sunrise/ tree |
6 |
> >> (and has it in PORTDIR_OVERLAY) is vulnerable. |
7 |
> >> |
8 |
> >> - Remove from the examples any suggestion that one should check out the |
9 |
> >> whole tree when contributing. Point out that one should not svn up |
10 |
> >> sunrise/ as part of updating Portage. |
11 |
> > |
12 |
> > valid point i think |
13 |
> |
14 |
> The guide has been edited to inform users that they should *not* use the |
15 |
> sunrise/ tree for any reason other than committing. Now, in the |
16 |
> HowToCommit guide, near the instructions for checking out the sunrise/ |
17 |
> tree, it clearly states that you should not set it as your |
18 |
> PORTDIR_OVERLAY, but use the reviewed/ instead. |
19 |
|
20 |
you can add documents all you want telling people to not do something ... if |
21 |
they are allowed to do it though, they will |
22 |
-mike |