On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger <vap...@gentoo.org> wrote: > On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote: >> To fix this problem sqlite upstream made a specific change allowing a >> #pragma to be used to define where secure-delete is required, avoiding >> the need to use secure-delete *everywhere*. > > so what you're saying is that this USE flag can die once people fix/update > their packages > -mike >
What I'm saying is that mozilla team will not do it unless you either: (a) You convince/bribe/cluebat upstream (we've tried and failed), or (b) You write a patch that you promise to maintain forever with quick responses for security bumps Keep in mind that firefox usually only works with a very narrow range of sqlite versions. If it's too low, it won't compile, or have runtime failures (when they forget to update the min system-sqlite version). If it's too high, it'll have strange runtime bugs since firefox relies too heavily on existing sqlite behaviour[1]. 1. https://bugzilla.mozilla.org/show_bug.cgi?id=583611 -- ~Nirbheek Chauhan Gentoo GNOME+Mozilla Team