| 1 |
On Thursday 29 June 2006 01:39, David Shakaryan wrote: |
| 2 |
> Mike Frysinger wrote: |
| 3 |
> > On Saturday 24 June 2006 18:54, Edward Catmur wrote: |
| 4 |
> >> * Security (from malicious contributors): Glad to see layman will only |
| 5 |
> >> track the reviewed/ tree; still, anyone who checks out the sunrise/ tree |
| 6 |
> >> (and has it in PORTDIR_OVERLAY) is vulnerable. |
| 7 |
> >> |
| 8 |
> >> - Remove from the examples any suggestion that one should check out the |
| 9 |
> >> whole tree when contributing. Point out that one should not svn up |
| 10 |
> >> sunrise/ as part of updating Portage. |
| 11 |
> > |
| 12 |
> > valid point i think |
| 13 |
> |
| 14 |
> The guide has been edited to inform users that they should *not* use the |
| 15 |
> sunrise/ tree for any reason other than committing. Now, in the |
| 16 |
> HowToCommit guide, near the instructions for checking out the sunrise/ |
| 17 |
> tree, it clearly states that you should not set it as your |
| 18 |
> PORTDIR_OVERLAY, but use the reviewed/ instead. |
| 19 |
|
| 20 |
you can add documents all you want telling people to not do something ... if |
| 21 |
they are allowed to do it though, they will |
| 22 |
-mike |
Archives