| 1 |
On Monday 08 November 2004 11:02, Alexander Holler wrote: |
| 2 |
> So you have on the one side carefully crafted environments to protect |
| 3 |
> the system/user from software-failures or attackers, but on the other |
| 4 |
> side there is portage which is run regulary and is fetching scripts from |
| 5 |
> the internet which are run unchecked by root. |
| 6 |
> |
| 7 |
> I think this explains why I doesn't understand that nobody cares about |
| 8 |
> that. |
| 9 |
|
| 10 |
It really seems to me like you are trolling. The first email you sent was done |
| 11 |
so after getting frustrated with Mike Frysinger's (vapier) closing of the |
| 12 |
"versioned eclasses" bug. Yet, what you are talking about here is absolutely |
| 13 |
nothing to do with that. You made most of the same statements on the bug, but |
| 14 |
they were off-topic in that bug's context as well. Furthermore, there is |
| 15 |
already another bug open for that off-topicness. |
| 16 |
|
| 17 |
So, let me give you an account of where I see things are at: |
| 18 |
* SHA1 support is in portage but can't be enabled yet due to compatibility |
| 19 |
issues. That is, enabling it will prevent user's running <portage-2.0.51 |
| 20 |
from being able to upgrade. |
| 21 |
* Ebuild signing support is in portage and is starting to be adopted. |
| 22 |
Presently, there is a push for developer education. |
| 23 |
* CVS portage now runs most ebuild phases as the portage user rather than |
| 24 |
root and work is being done to support the last few as well. |
| 25 |
* Eclass, package and profile signing are all currently being worked on (and |
| 26 |
had begun before you started trolling) |
| 27 |
|
| 28 |
The thing you seem to keep coming back to is why it hasn't already been |
| 29 |
completed. You've been given the answer to that several times - lack of time |
| 30 |
and higher priority issues. What I really would like to know is why you are |
| 31 |
trying to tie up so much more of the time of the people that you would have |
| 32 |
implement support for these critical features with these pointless emails? |
| 33 |
|
| 34 |
Regards, |
| 35 |
Jason Stubbs |
| 36 |
|
| 37 |
-- |
| 38 |
gentoo-security@g.o mailing list |
Archives