Gentoo Archives: gentoo-security

From: Paige Thompson <erratic@×××××.ws>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Security project meeting summary
Date: Tue, 22 Jul 2008 18:01:54
In Reply to: Re: [gentoo-security] Security project meeting summary by Robert Buchholz
misfit[1004]:~% sudo emerge -uva nethack

These are the packages that would be merged, in order:

Calculating dependencies |
!!! All ebuilds that could satisfy "games-roguelike/nethack" have been
!!! One of the following masked packages is required to complete your
- games-roguelike/nethack-3.4.3-r1 (masked by: package.mask)
# Tavis Ormandy <taviso@g.o> (21 Mar 2006)
# masked pending unresolved security issues #125902

For more information, see MASKED PACKAGES section in the emerge man page or
refer to the Gentoo Handbook.


On Tue, Jul 22, 2008 at 3:42 AM, Robert Buchholz <rbu@g.o> wrote:

> On Monday 21 July 2008, Aleksey V Lazar wrote: > > Hello. Would it be reasonable to suggest adding a ~security (or > > something like it) flag to denote packages masked for security > > reasons? > > Hi Aleksey, > > since entries package.mask only contain free text description as an > additional information, such a feature would require the package > manager to decide which entries are security maskings, and which are > feature maskings. While that could be done using > restrictions/conventions within the text, I am sure our package manager > developers would disagree with such a design. A "" > file might be more appropriate for that. > > My question now is, why would you want such a thing? Masked packages all > have different reasons to be there, and you should decide to use one on > a case-by-case basis. > > Regards, > Robert > >


Subject Author
Re: [gentoo-security] Security project meeting summary Robert Buchholz <rbu@g.o>