1 |
On 01/16/2018 08:32 PM, Mike Gilbert wrote: |
2 |
> On Tue, Jan 16, 2018 at 4:46 PM, Mike Frysinger <vapier@g.o> wrote: |
3 |
>> From: Mike Frysinger <vapier@××××××××.org> |
4 |
>> |
5 |
>> Some ebuilds are a bit hard to fix their use of the network in src |
6 |
>> phases, so allow them to disable things. This allows us to turn off |
7 |
>> access by default and for the vast majority while we work out how to |
8 |
>> fix the few broken packages. |
9 |
> |
10 |
> If we are going to allow network sandboxing to be disabled in |
11 |
> individual ebuilds, we should also allow the other sandboxes to be |
12 |
> disabled for the same reasons. sys-apps/sandbox has been notoriously |
13 |
> buggy, for example. |
14 |
|
15 |
Yeah, that sounds reasonable. We have ACCEPT_RESTRICT and |
16 |
package.accept_restrict in case people want to mask packages with |
17 |
certain restrict values. |
18 |
|
19 |
> Also, valid RESTRICT values are specified in PMS, so this really |
20 |
> belongs in an a new EAPI. |
21 |
|
22 |
PMS says: Package managers may recognise other tokens, but ebuilds may |
23 |
not rely upon them being supported. |
24 |
-- |
25 |
Thanks, |
26 |
Zac |