Joonas Niilola wrote:
Hey,
I'll admit I didn't read everything, but I just want to point out you
may not have to edit ebuilds at all. If xz-utils is package.provided
portage should ignore the dependency without you removing the dep from an
ebuild. Then you can utilize /etc/portage/patches to a
Michael Orlitzky wrote:
On Sun, 2024-04-07 at 15:07 +0200, Andreas K. Huettel wrote:
tl;dr can we turn them back off in the profile? In any scenario where
they are beneficial, there's a better place to put them.
Easily doable with lzma, if there is consensus for it.
Slightly more complex
Sam James wrote:
> Eddie Chapman writes:
>> Below is a guide I've written to removing app-arch/xz-utils in case
>> anyone else wants to do so. Attached is the current version of the Bash
>> wrapper script I now use in place of /usr/bin/xz
>>
>> Comments, co
Fabian Groffen wrote:
> If you just want to verify signatures and manifests after sync,
> qmanifest from portage-utils can help you do this.
>
> Thanks,
> Fabian
Thanks for the pointer, and I see you are one of the authors, thanks for
writing a very useful tool!
On 04/04/2024 15:24, Eddie Chapman wrote:
Since there appears to be some interest I'll put together a single email
to the list later today detailing everything, as I needed to do more
things overall in addition to replacing /usr/bin/xz.
Below is a guide I've written to removing a
Sam James wrote:
> Eli Schwartz writes:
>
>> On 4/3/24 11:30 AM, Eddie Chapman wrote:
>>
>>> Just to report I've been able to remove app-arch/xz-utils from my own
>>> workstation, with 2412 packages installed and running kde. I'm going
>>>
Eli Schwartz wrote:
> On 4/3/24 11:30 AM, Eddie Chapman wrote:
>
>> Just to report I've been able to remove app-arch/xz-utils from my own
>> workstation, with 2412 packages installed and running kde. I'm going to
>> roll it out to my other gentoo systems which h
Just to report I've been able to remove app-arch/xz-utils from my own
workstation, with 2412 packages installed and running kde. I'm going to
roll it out to my other gentoo systems which have a lot less stuff on them
so am confident will be fine. It's not completely trivial but not as
difficult as
On 02/04/2024 20:46, Eli Schwartz wrote:
On 4/2/24 4:43 AM, Eddie Chapman wrote:
Well, they change one thing. It's hard for the security professionals at
work to deal with things when they are constantly having to respond to the
three-ring circus.
This is a complaint I hear very often
On 01/04/2024 15:56, Azamat Hackimov wrote:
There is no problem in the XZ/LZMA format itself as the reference
algorithm is not compromised. It's all about trust between developers
of application and developers of distribution. If you lost trust to
xz-utils's developers, you may use alternatives l
Michał Górny wrote:
> On Mon, 2024-04-01 at 08:57 +0100, Eddie Chapman wrote:
>
>> I stand by and reiterate my view that there is far too much of a
>> cavalier attitude towards the matter in general out there including here
>> in Gentoo. But not in particular here, it is
OK, I said I was done and this is a waste of time for everyone, but if
people want to keep the discussion going I'll bite :-)
Eli Schwartz wrote:
> But also, please keep in mind that 98% of all people on the internet can
> do whatever they want and it simply doesn't matter. They are public
> comme
Matt Jolly wrote:
> Hi Eddie,
>
> On 31/3/24 21:13, Eddie Chapman wrote:
>
>> At the moment there is far too much of
>> a cavalier attitude about the whole thing being shown by too many,
>> including here I'm sad to see.
>
> It's obvious that this is
Eli Schwartz wrote:
> On 3/29/24 11:07 PM, Eddie Chapman wrote:
>
>> Given what we've learnt in the last 24hrs about xz utilities, you could
>> forgive a paranoid person for seriously considering getting rid
>> entirely of them from their systems, especi
Eddie Chapman wrote:
> Michał Górny wrote:
>
>> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>>
>>
>>> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
>>> is wouldn't it be nice if there were at least 2
Stefan Schmiedl wrote:
> -- Original Message --
>
>> From "Eddie Chapman"
>>
> To gentoo-dev@lists.gentoo.org
> Date 30.03.2024 16:17:19
> Subject Re: [gentoo-dev] Current unavoidable use of xz utils in Gentoo
>
>> Michał Górny wrote:
&
Rich Freeman wrote:
> On Sat, Mar 30, 2024 at 10:57 AM Eddie Chapman wrote:
>
>> No, this is the the bad actor *themselves* being a
>> principal author of the software, working stealthily and in very
>> sophisticated ways for years, to manoeuvrer themselves and their
>
Michał Górny wrote:
> On Sat, 2024-03-30 at 15:17 +0000, Eddie Chapman wrote:
>
>> Michał Górny wrote:
>>
>>> On Sat, 2024-03-30 at 14:57 +, Eddie Chapman wrote:
>>>
>>>
>>>> Note, I'm not advocating ripping xz-utils out of tre
Michał Górny wrote:
> On Sat, 2024-03-30 at 14:57 +0000, Eddie Chapman wrote:
>
>> Note, I'm not advocating ripping xz-utils out of tree, all I'm saying
>> is wouldn't it be nice if there were at least 2 alternatives to choose
>> from? That doesn't have
Rich, Duncan, Dale, orbea, you have to admit the situation with xz-utils
is nothing like the typical scenario people usually worry about, where a
bad actor manages to compromise a project and slip something into a widely
used piece of software. No, this is the the bad actor *themselves* being a
pri
Given what we've learnt in the last 24hrs about xz utilities, you could
forgive a paranoid person for seriously considering getting rid entirely
of them from their systems, especially since there are suitable
alternatives available. Some might say that's a bit extreme, xz-utils
will get a thorough
Alex Boag-Munroe wrote:
> On Thu, 14 Sept 2023 at 18:20, Eddie Chapman wrote:
>
>
>> However, I believe what I'm proposing would not have
>> the result you're predicting as it would no longer be falsely promising
>> something it cannot deliver,
>>
>
Rich Freeman wrote:
> On Thu, Sep 14, 2023 at 12:50 PM Eddie Chapman wrote:
>
>>
>> if people want to run the damn thing just let them be!
>
> If you keep using eudev, and you don't tell anybody about it, then
> they won't even know. Nobody is keeping anybody
Matt Turner wrote:
> On Thu, Sep 14, 2023 at 10:17 AM Eddie Chapman wrote:
>
>> Of course whether the Gentoo community would deem me as a suitable
>> maintainer and be willing to accept me as such is another matter
>> entirely.
>
> You don't need any permissio
Alex Boag-Munroe wrote:
> A maintainer would need to be willing to uphold the "provides
> virtual/libudev, honest guv" as well as deliver on the promises it makes
> when it tells pkgconf what version it is. Not doing so is a support and
> user headache later when more things use the new tags inte
Alex Boag-Munroe wrote:
> On Thu, 14 Sept 2023 at 16:30, Eddie Chapman wrote:
>>
>> Alex Boag-Munroe wrote:
>>
>>> On Thu, 14 Sept 2023 at 15:17, Eddie Chapman wrote:
>>>
>>>> Andrew Ammerlaan wrote:
>>>>
>>>>
>>
Alex Boag-Munroe wrote:
> On Thu, 14 Sept 2023 at 15:17, Eddie Chapman wrote:
>
>> Andrew Ammerlaan wrote:
>>
>>
>>> If someone were to step up and say they are willing to spend their
>>> time and effort maintaining eudev and fixing the open issues
Andrew Ammerlaan wrote:
> If someone were to step up and say they are willing to spend their time
> and effort maintaining eudev and fixing the open issues then sure we can
> keep it, I never said otherwise. However this package has been
> maintainer-needed for quite a long time now and no one has
Andrew Ammerlaan wrote:
> On 12/09/2023 23:23, Eddie Chapman wrote:
>
>> Andrew Ammerlaan wrote:
>>>
>>> On 12 September 2023 21:47:31 CEST, Eddie Chapman
>>> wrote:
>>>
>>>> Andreas K. Huettel wrote:
>>>>
>>>&g
Eli Schwartz wrote:
> On 9/12/23 3:47 PM, Eddie Chapman wrote:
>
>> Andreas K. Huettel wrote:
>>
>>> The eudev experiment has failed.
>>> * It was false labeling from the start.[*]
>>> * It's barely alive and not keeping up with udev upstream.
>
Matt Turner wrote:
> On Tue, Sep 12, 2023 at 5:23 PM Eddie Chapman wrote:
>
>> Why would you think that by having an alternative in tree it means that
>> everyone else is then forced into doing work that they don't want to
>> and it will inconvenience everyone?
>
Andrew Ammerlaan wrote:
>
> On 12 September 2023 21:47:31 CEST, Eddie Chapman wrote:
>
>> Andreas K. Huettel wrote:
>>
>>> The eudev experiment has failed.
>>> * It was false labeling from the start.[*]
>>> * It's barely alive and not keeping
Andreas K. Huettel wrote:
I'm an outsider to Gentoo development (just a heavy user for over a
decade both personally and professionally) so I might have missed
something. I just find it puzzling.
>>>
>>> I'm not puzzled by what is going on, or by your email, because it
>>> happens b
orbea wrote:
> On Tue, 12 Sep 2023 20:23:49 +0300
> Alexe Stefan wrote:
>
>> All this makes me wonder, what really is the reason for this shitshow.
>> Something tells me systemd and it's shims will never be without a
>> maintainer, regardless of how "popular" they are among gentoo folks. All
>> th
Sam James wrote:
>
> Rich Freeman writes:
>
>> On Tue, Sep 12, 2023 at 9:36 AM Eddie Chapman wrote:
>>
>>> in Gentoo. Have any of these 4 maintainers publicly said (anywhere)
>>> that they are not interested in being maintainers anymore (which is
>>&g
martin-kokos wrote:
> --- Original Message ---
> On Tuesday, September 12th, 2023 at 3:36 PM, Eddie Chapman
> wrote:
>
>> Sam James wrote:
>>
>>> "Eddie Chapman" ed...@ehuk.net writes:
>>>
>>>>>> So what's
Rich Freeman wrote:
> On Tue, Sep 12, 2023 at 9:36 AM Eddie Chapman wrote:
>
>> in Gentoo. Have any of these 4 maintainers publicly said (anywhere)
>> that they are not interested in being maintainers anymore (which is fine
>> if that is the case)? We're not talking
Sam James wrote:
>
> "Eddie Chapman" writes:
>>>> So what's the situation with the current Gentoo maintainers? Have
>>>> they disappeared? I often see on here packages being offered up for
>>>> grabs. Why
>>>> hasn&#x
Sam James wrote:
>
> "Eddie Chapman" writes:
>
>> Sam James wrote:
>>>
>>> Dale writes:
>>>
>>>> orbea wrote:
>>>>> On Mon, 11 Sep 2023 17:29:47 +0200
>>>>> "Andreas K. Huettel" wrote:
>&g
Sam James wrote:
>
> Dale writes:
>
>> orbea wrote:
>>> On Mon, 11 Sep 2023 17:29:47 +0200
>>> "Andreas K. Huettel" wrote:
>>>
Am Montag, 11. September 2023, 17:22:43 CEST schrieb orbea:
> Upstream is maintained still.
>
> https://github.com/eudev-project/eudev
>
No
On 09/09/2023 20:09, David Seifert wrote:
# David Seifert (2023-09-09)
# Unmaintained, depends on PHP 8.0. Removal on 2023-10-09.
www-apps/icingaweb2-module-director
www-apps/icingaweb2-module-incubator
I use these two and FWICT they do not depend specifically on php 8.0.
It's just that no on
On 24/07/2021 16:16, Michał Górny wrote:
Hi, everyone.
I've been asked to repost the idea of removing SHA512 hash from
Manifests, effectively limiting them to BLAKE2B.
The 'old' set of Gentoo hashes including SHA512 went live in July 2012.
In November 2017, we have decided to remove the two oth
On 24/11/2019 12:15, Benda Xu wrote:
Given the python-2 countdown deadline being 2020-01-01, a month away,
shall we get rid of python-2?
If the answer is no, to avoid holding back new versions having only
python3, such as bug 671796 for dev-python/matplotlib bump, old versions
with python_t
43 matches
Mail list logo
