Hi Chris,

On 10/31/06, Chris Gianelloni <[EMAIL PROTECTED]> wrote:
> On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote:
> > 3) ??
>
> Get your hands on some of the minority arch hardware and help out?

It's a good idea.  It's not an option for me, but hopefully others
will follow your advice.

Personally, I like the idea of package maintainers updating old
ebuilds with a prominent warning that the package is known to have
security holes, and then leaving it to the user to decide whether or
not to use the package.  A suitable elog message (pointing the user at
the security bugs in question, and warning them that the package is
now unsupported as a result) in pkg_setup would do the trick.

If there's any interest in this solution, it wouldn't take very long
to add a suitable function to the eutils eclass, so that we can
standardise the behaviour.

Of course, it'd be even better if Portage itself could support this,
so that the warning could occur without manual intervention.  But in
the meantime, adding a simple 'einsecure' function would be
sufficient.

Any interest?

Best regards,
Stu
--
--
gentoo-dev@gentoo.org mailing list
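
A sketch of the `einsecure` helper proposed in the message above, added here as an illustration; it is not code from the email or from the eutils eclass. The email gives only the function name, so the argument list (Gentoo bug numbers), the message wording and the `elog` fallback stub are assumptions.

```bash
# Hypothetical 'einsecure' helper: the signature and wording are assumptions,
# only the name and the idea of an elog warning in pkg_setup come from the email.

# Outside Portage there is no elog; fall back to a stub so the sketch runs.
if ! command -v elog >/dev/null 2>&1; then
    elog() { printf ' * %s\n' "$*"; }
fi

# Usage (from pkg_setup): einsecure <bug-number> [<bug-number> ...]
# Returns 1 without warning the user if no valid bug number was supplied,
# so a maintainer cannot mark a package insecure without a reference.
einsecure() {
    local bug bugs=""
    for bug in "$@"; do
        case ${bug} in
            ''|*[!0-9]*)
                # Only plain decimal ids may end up in the URL shown to users.
                echo "einsecure: ignoring invalid bug id '${bug}'" >&2
                ;;
            *)
                bugs="${bugs} ${bug}"
                ;;
        esac
    done
    if [ -z "${bugs}" ]; then
        echo "einsecure: at least one security bug number is required" >&2
        return 1
    fi

    # PF (package name and version) is set by Portage; the default here is
    # a constructed placeholder for running the sketch by hand.
    elog "${PF:-example-pkg-1.0} is known to have security holes"
    elog "and is now unsupported as a result. Open security bugs:"
    for bug in ${bugs}; do
        elog "  https://bugs.gentoo.org/${bug}"
    done
    elog "It is up to you whether to keep using this package."
}

# Constructed example of an old ebuild calling the helper;
# 123456 is a placeholder, not a real bug reference.
pkg_setup() {
    einsecure 123456
}
```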