On Tue, Oct 31, 2006 at 07:51:00PM +0000, Stuart Herbert wrote: > Hi Chris, > > On 10/31/06, Chris Gianelloni <[EMAIL PROTECTED]> wrote: > >On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: > >> 3) ?? > > > >Get your hands on some of the minority arch hardware and help out? > > It's a good idea. It's not an option for me, but hopefully others > will follow your advice. > > Personally, I like the idea of package maintainers updating old > ebuilds with a prominent warning that the package is known to have > security holes, and then leaving it to the user to decide whether or > not to use the package. A suitable elog message (pointing the user at > the security bugs in question, and warning them that the package is > now unsupported as a result) in pkg_setup would do the trick.
Rather see the keywords and masking status stripped down to just the arches that need that version. If folks need insecure ebuilds, cvs exists; trying to stick notices in is just an attempt to address a symptom, rather then the cause. That and notices are pretty damn easy to miss ;) ~harring
pgpb0NxB46Mn6.pgp
Description: PGP signature
