1 |
On Friday 22 May 2015 12:09:34 Alan McKinnon wrote: |
2 |
> On 22/05/2015 12:44, Mick wrote: |
3 |
> > On Friday 22 May 2015 09:38:46 Neil Bothwick wrote: |
4 |
> >> On Fri, 22 May 2015 02:53:17 -0500, Dale wrote: |
5 |
> >>>> So I'm the 3rd one in row to state that I haven't had any deleterious |
6 |
> >>>> effects that I noticed. |
7 |
> >> |
8 |
> >> Make that 4. |
9 |
> >> |
10 |
> >>> When I first emerge a new kernel, I run make mrproper to get a good |
11 |
> >>> clean start. |
12 |
> >> |
13 |
> >> There's no point in that. When you have just emerged the sources, there |
14 |
> >> is nothing for mrproper to remove. |
15 |
> > |
16 |
> > So, coming back to the OP, is it advisable to ignore this message: |
17 |
> No. It's in the ebuild and we assume the ebuild writer had a reason for |
18 |
> putting it there. The usual reason is that upstream has said their code |
19 |
> requires an option to be set. |
20 |
> |
21 |
> Where would you have gotten the idea that ignoring it is good advice? |
22 |
|
23 |
Because the emerge did not stop to warn me about it, or require me to |
24 |
acknowledge before proceeding. Furthermore it tells me that bad things may |
25 |
happen, but doesn't explain what kind of bad things, referring to a URL if |
26 |
space does not allow. At this stage I am guessing that chromium's sandboxing |
27 |
mechanism is changed and it now requires a different memory allocation |
28 |
mechanism than what I had previously configured in my kernel. Having to |
29 |
configure my kernel to get a browser working sounds quite intrusive so I am |
30 |
worried some more. |
31 |
|
32 |
Looking at the changelog and then at bugs referred to there, I eventually |
33 |
arrived at CVE-2015-1252 [1] where the problem is explained: |
34 |
|
35 |
In any case, I think that something like this should invite user input at the |
36 |
start of the ebuild, rather than at the end? I haven't figured out yet if I |
37 |
will need to reinstall chromium after I have reconfigured my kernel ... in |
38 |
which case the warning should definitely come at the start of the ebuild. |
39 |
|
40 |
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252 |
41 |
|
42 |
-- |
43 |
Regards, |
44 |
Mick |