Lorenz (xha) <m...@xha.li> wrote: > On Thu, Jul 18, 2024 at 09:50:56AM -0600, Theo de Raadt wrote: > > Lorenz (xha) <m...@xha.li> wrote: > > > > > On Thu, Jul 18, 2024 at 09:45:34AM -0600, Theo de Raadt wrote: > > > > Lorenz (xha) <m...@xha.li> wrote: > > > > > > > > > the HARE_TD_<files> are the "typedef" files, basically the equivalent > > > > > to C headers, but automatically generated by the compiler so we can > > > > > do resolution of types/functions/etc. in dependencies without having > > > > > to look at the source files themselves. > > > > > > > > > > i doubt that anyone is ever going to make use of more than 125 > > > > > imports. > > > > > > > > > > the problem is that i cannot simply restict that to one folder. they > > > > > could be anywhere (even though they are not usually). that'd > > > > > complicate > > > > > the patch a lot for... allowing more than 125 imports? > > > > > > > > > > the error message will not be particularly hard to read; i guess if > > > > > someone really hits the limit, we can do something about it then? > > > > > > > > So tell us --- when someone hits that limit, what do they need to > > > > do about it? > > > > > > > > What do they do then? > > > > > > modify this patch so it finds the common folder where the typedef > > > files are in and unveil to it instead. that's what i would do. > > > > > > > > You have not answered the question. > > > > And by not answering it, you have not justified the use of unveil(). > > sorry, then i don't understand your question.
This change gets commited, and the package now does unveil. A user on the internet finds out the package simply exits with a message. What do they do now? The software is not fit for purpose. You broke an actual use case.
