From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16745 invoked by uid 1002); 7 Sep 2003 20:14:18 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 22760 invoked from network); 7 Sep 2003 20:14:18 -0000 From: Kevyn Shortell To: Jan Krueger Cc: azarah@gentoo.org, Troy Dack , Gentoo-Dev In-Reply-To: <200309071831.38800.jk@microgalaxy.net> References: <1062950837.8455.126.camel@nosferatu.lan> <200309071821.19495.jk@microgalaxy.net> <200309071831.38800.jk@microgalaxy.net> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-i4YsCF8kpkpHdFMpxCWG" Organization: Message-Id: <1062965649.6804.13.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.4- Date: 07 Sep 2003 13:14:10 -0700 Subject: Re: [gentoo-dev] Some suggestions X-Archives-Salt: be5b5dc4-153c-4fae-a970-f813b00655d9 X-Archives-Hash: bd18b241f78be1579589777435742c26 --=-i4YsCF8kpkpHdFMpxCWG Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Don't you think the ebuilds get tested before they're pushed out to the tree? If an ebuild was going to delete the contents of the hard drive, a dev would be the first person to find out. And any user, can simply as root, type rm -rf /*... do we need to also come up with a preventive measure for that 'exploit' as well? We're not going to have training wheels on the world. If you're that ultra paranoid about breaking your system, perhaps you should hand walk each ebuild before emerging it, and then emerge it when you feel safe. In the meantime, I think the small army of devs and testers who've already emerged it and deemed it working is sufficient for just about everyone. trance On Sun, 2003-09-07 at 11:31, Jan Krueger wrote: > On Sunday 07 September 2003 18:21, Jan Krueger wrote: > > put > > rm -rf / > > in src_install > > > > See the difference? >=20 > What i meant to show is: > as long as there is the possibility to wipe the box from within an ebuild= it=20 > is just a matter of time until this gets exploited. >=20 > Jan >=20 >=20 > -- > gentoo-dev@gentoo.org mailing list >=20 --=-i4YsCF8kpkpHdFMpxCWG Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQA/W5GREv5Qt5rjz1YRAi2xAJ41le1VDAiFtwvryDVDqYWrMxUI3ACfX3Co GmzM8jd69ZOEtaIB9iUmOmI= =SC2t -----END PGP SIGNATURE----- --=-i4YsCF8kpkpHdFMpxCWG--