| 1 |
On Monday 22 August 2005 12:52, Drake Wyrm wrote: |
| 2 |
> Alec Warner <warnera6@×××××××.edu> wrote: |
| 3 |
> > Was talking with Brian about the build environment and how settings |
| 4 |
> > were to be passed into the build environment. |
| 5 |
> > |
| 6 |
> > Essentially three scenarios were presented. |
| 7 |
> |
| 8 |
> Snip and summary: |
| 9 |
> |
| 10 |
> 1) Pass everything |
| 11 |
> |
| 12 |
> 2) Blacklist and strip bad stuff |
| 13 |
> |
| 14 |
> 3) Whitelist good stuff; strip everything else |
| 15 |
> |
| 16 |
> > To me 1) is unacceptable and 3) is the best option. Feel free to |
| 17 |
> > shoot these down as you see fit ;) |
| 18 |
> |
| 19 |
> Option 4: Strip everything. |
| 20 |
> |
| 21 |
> Nothing is passed from the original environment; everything passed in the |
| 22 |
> environment is considered to be a "portage variable". This, I suppose, |
| 23 |
> is an extreme case of the whitelist. |
| 24 |
|
| 25 |
Well, I'll go against the flow. ;) |
| 26 |
|
| 27 |
My preference would go 4, 3, 2 then 1. While Makefiles and configure scripts |
| 28 |
may be "broken" upstream, how long is it before the breakage goes |
| 29 |
unnoticed? More importantly, what's the chances of a dev finding the |
| 30 |
breakage before users? Cleansing the environment to me is akin to using |
| 31 |
sandbox. It offers protection against misbehaving packages... |
| 32 |
|
| 33 |
-- |
| 34 |
Jason Stubbs |
Archives