- Typo... Additional Security Project bugzilla notes * The Security Project is except (should that read "exempt"?)
- An intermediate level before masking might be issuing a warning if some simple, specific remediation measure can protect against a vulnerability. E.g. forcing cups to only listen to 127.0.0.1 or :1 - If you want to absolutely ensure that people are warned of a severe, but remediable vulnerability, is it acceptable to "break the build" by requiring a new local USE flag for the ebuild? I'm thinking of something like "glep_0001234", "glep_0001235", "glep_0001236", etc, and have the ebuild die if the flag is not set, and print out a URL for a security problem. This could be abstracted to make.conf with a new variable... GLEP="0001234 0001235 0001236 etc etc" This would probably be the last stage before masking. It would deliberately break the build, and require the user/admin to take manual action (add the flag for the GLEP) before proceeding further. This is a heavy-handed method, but masking is more final. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications