On 01/16/2018 08:32 PM, Mike Gilbert wrote: > On Tue, Jan 16, 2018 at 4:46 PM, Mike Frysinger <vap...@gentoo.org> wrote: >> From: Mike Frysinger <vap...@chromium.org> >> >> Some ebuilds are a bit hard to fix their use of the network in src >> phases, so allow them to disable things. This allows us to turn off >> access by default and for the vast majority while we work out how to >> fix the few broken packages. > > If we are going to allow network sandboxing to be disabled in > individual ebuilds, we should also allow the other sandboxes to be > disabled for the same reasons. sys-apps/sandbox has been notoriously > buggy, for example.
Yeah, that sounds reasonable. We have ACCEPT_RESTRICT and package.accept_restrict in case people want to mask packages with certain restrict values. > Also, valid RESTRICT values are specified in PMS, so this really > belongs in an a new EAPI. PMS says: Package managers may recognise other tokens, but ebuilds may not rely upon them being supported. -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature
