On Mon, Jul 1, 2013 at 1:56 PM, Tom Wijsman <tom...@gentoo.org> wrote:
> On Mon, 1 Jul 2013 19:38:48 +0100
> Markos Chandras <hwoar...@gentoo.org> wrote:
>
>> I certainly don't feel safe anymore running non-upstream code in
>> production boxes.
>
> You don't run it unless you explicitly tick on that you want
> experimental functionality _as well as_ the optional features in
> question; as I said earlier on chat, I don't understand your point here.
>
> If you don't enable them, genpatches is just like it is before; I'm
> not sure why the recommendations should change here, especially with
> vanilla-sources taking a further step away from Gentoo Security and QA.
>
Tom, I think the point was well-made by gregkh. If the patchset patches the kernel's core, it doesn't matter what CONFIG_* option is set: the core kernel code _has_now_been_changed_. This is the crux of the argument, I believe. AUFS is simply one example of this; I'm sure there are others.

--
Matthew W. Summers
Gentoo Foundation Inc.
GPG: 111B C438 35FA EDB5 B5D3 736F 45EE 5DC0 0878 9D46