Subject: Re: [gentoo-dev] Project Sunrise thread -- a try of clarification
From: Chris Gianelloni
To: gentoo-dev@lists.gentoo.org
Date: Thu, 08 Jun 2006 18:14:37 -0400
Message-Id: <1149804878.19443.114.camel@cgianelloni.nuvox.net>
In-Reply-To: <20060608213507.528a03f2@snowdrop.home>
Organization: Gentoo Linux

On Thu, 2006-06-08 at 21:35 +0100, Ciaran McCreesh wrote:
> On Thu, 08 Jun 2006 23:52:50 +0400 "Peter Volkov (pva)" wrote:
> | > Will you also review the code each and every ebuild pull down over
> | > the internet?
> |
> | And that is really exciting moment. :) The main difference between
> | such overlay and wiki is that reading text never does `rm -rf /`. How
> | can one stop such jokes? I think if this problem will be solved such
> | overlay should be.
>
> Somehow I think certain people aren't quite grasping the potential
> security breaches with this whole thing... Slipping in malicious and
> hard to detect code that gets executed by everybody is very very easy.

You mean like:

perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

I'm sure everyone will get what that means in a quick cursory glance...
and of course repoman will know what it does, right? *grin*

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux
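
What a lint-style check can realistically do with a line like the one in this message, as an added example (not part of the original mail and not repoman's code): it flags constructs that compute strings at run time so that a human reads them, without working out what they produce. The indicator names, the patterns and the sample ebuild fragment are assumptions constructed for illustration.

```python
import re

# Hypothetical indicator set (an assumption, not repoman's rules): constructs
# that build strings or commands at run time instead of spelling them out.
INDICATORS = {
    "inline-interpreter": re.compile(r"\b(?:perl|ruby)\s+-[A-Za-z]*e\b|\bpython[0-9.]*\s+-c\b"),
    "byte-packing": re.compile(r"\b(?:pack|unpack|chr|ord)\s*\("),
    "numeric-encoding": re.compile(r"\b(?:oct|hex|sqrt)\s*\("),
    "dynamic-eval": re.compile(r"\beval\b"),
}

# Constructed sample: an ebuild-like fragment containing a one-liner like the
# one quoted in the message, plus a benign eval that is also flagged.
SAMPLE = r"""src_install() {
    dobin "${S}/foo" || die
    perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
    eval "$(foo-config --env)"
}
"""


def scan(text):
    """Return {line_number: [indicator names]} for lines a human should read.

    The check is purely syntactic: it says "this line hides what it does",
    never what the line actually does.
    """
    findings = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines are not executed
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(line))
        if hits:
            findings[lineno] = hits
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE).items():
        print(f"line {lineno}: review manually ({', '.join(hits)})")
```

Both the obfuscated one-liner and the harmless `eval` are reported, which is the limit of this kind of tooling: it routes lines to a reviewer and produces false positives, and a construct outside the indicator set passes unflagged.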