From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A1795138334 for ; Fri, 3 Jan 2020 16:29:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D08A7E0A6B; Fri, 3 Jan 2020 16:29:02 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4CC02E0982 for ; Fri, 3 Jan 2020 16:29:02 +0000 (UTC) Received: from [192.168.86.249] (pool-108-44-175-72.clppva.fios.verizon.net [108.44.175.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: bman) by smtp.gentoo.org (Postfix) with ESMTPSA id 2EB0634DECF for ; Fri, 3 Jan 2020 16:29:01 +0000 (UTC) Date: Fri, 03 Jan 2020 11:28:58 -0500 User-Agent: K-9 Mail for Android In-Reply-To: References: <3197490.ugo6OjCCXa@daneel.sf-tec.de> <1794534.0xJHuh4lKC@crazyhorse> <19015309.XG3PSQ8cOu@daneel.sf-tec.de> <5537134e-0412-862d-e105-94c678229b46@gentoo.org> <2dd351b3-0f71-4960-ffde-2f5a99ab161d@gentoo.org> <9b48db99-19dc-617b-c0d4-ffa0216b43be@gentoo.org> <5258410f-a8a4-38bf-4885-c1d4265b40f5@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Autocrypt: addr=bman@gentoo.org; keydata= mQINBFlxDdABEADguU99UYtXZ76xx3grAhKXu7KXjHO8rZa8ruNUG2S67n+G3Jt2eVfMJXMpQSyp SzFrRWxtHwnAJ27aV9UYMvv/W7d3f1XSFGcxoA9PZVOFCHACV/c3F0cwxOeBHaIfYWoSRfzYa9Ou 43E8n0NPDSYvi49dLZEQPwWOAApJgP1t/mVv2S0C3kZnhW1/hry2mPSomd3O1rH5f7Lztc/NiSy+ 7iNPAzyavrYhCzNiVOOIoCtiGsI7hQ+WLaXoqK5TaVS0eTV7yLWX7p9/3Vxqj4oQgZsQgP4V2n/+ /1zWsb5N0e7M5yX8H4jbwykthrPXA2NHShjYfNQEce7tQhKqoVLh0KzQH2xmSQ1+CnVxt0JvisTN ambt+gDJ4df/TWDXGNnX7y4meX5adXSWoGMvvmf/Ple5gTCdmrptzDlPVeTTeH0oAtMsSMAnKe14 aVMYCdzWtrAA3PRP1OLue0Ewm+uYxBO8zl3e3Jtc4LwO2L7/lA7UIsr1pXSlksQUmvmdoWiorfOX z8ECzGnJjR8VC4g3bjvD2yykjjMLj3ojX7qNR9FomjaOkwgWw3cMad/EgNP7jaZEYQ0vu/P2m5mM B1RwB8fIiq5Qrc4EAyCGccxyzi8r7ZlAWRCvZwingkw+Y7KoQPZCpdZl8a9YHTlxhVcXku3dbrPK mIMiKr9Nh98OnQARAQABtB5BYXJvbiBCYXVtYW4gPGJtYW5AZ2VudG9vLm9yZz6JAlQEEwEIAD4W IQTDsQsHINPwUslIfNwegUuP1GfgpAUCWXEN0AIbAwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIe AQIXgAAKCRAegUuP1GfgpC2gD/4sxZLNeljqz+qI45KaM8aGN4jcR2fhP+KPzjtDbZmuRxwWpjJZ FPB22++NzYjyrOMg16l0GvBpIFUPloOPijdDwlxkS4Qx+s+i6qTM0YKDbc6e8fqvt5Y82YwAq11a kJPrTbLO9xRyTnFSqL6DGMu4vkXX0OWXeTZxKJBDDJ7RgFuWSxYDo4EHUaKhTo9esbHvc6+9jrTo n6tWUiFfQdp/hAFRo5F58gxIemkTc3xyYK95U5qcIFH9x81MInuWLsNUvB70wrY2QPsKxzF5DjPO bbV6W3r2SWHDBiw8cleb8gqhZcVmfMZSwNIrHT1ItxVT/KUgr9Jix11yRQITrzrQHQJmBCf0H3Et +j/mrW8aIUbRxqqk/gc7LXQ6MtnY+qALQvkgwsbfYjjIyVZmEvxSeJy38a39Cu9E2Q73muBvNql+ AM20ymqYp6QtpY4KwoU3fGxCnGlxKVpeuY11YKrMCp33AcsmMM2ttJXp88CCfNk4/358eP3AlE4V MwQ4ZuhxHkFzMN9Iz9kS0y7ZqZaR2rGoUV7apNBFrTa7FaH9m7HjL5UFHAqQzwLbxX10Rvfi+eVa VcISWb2qB46u+aNpEZBsiexYriw4pk+/uuf4w9BItWLA5MzgqG3B5Gs2+uMC1cIR7p6/9oPFd5XM fASWg7dfQicduGCNqrG8Z7nS+rkBDQRdH6hEAQgA4bofqBwh9GZ9vovZkyzlhVM8NdU0pWQ4MRpj SSR9A2gUEv/iF/QEL+Bnt7TmlVHhd33Q0f6PXA5/CSRf/OOR4mAL1W/j5gH76QCz1yubOtgMRKyZ kHxSy7O/O4ifKJbIIIBmOh5t8atLdiLSjkq5nJoDsYIpz57JmlAyowRwhUE50HR48ej/GA80Nbp0 GmBJ7f6wDHBsDuqiv4qAEbKwVwRiLp0yHOyiAtQkfH+wJyNs+/q66NMUAOqToI9jmdEEUJeZSz00 Zy//vdcx84ReYxREr55YgtRbVSfwT7WyP/BpxzsGFY+uUP3u7T36o2L/HPa8w9HttEWxjsFdZjXC iQARAQABiQI8BBgBCAAmFiEEw7ELByDT8FLJSHzcHoFLj9Rn4KQFAl0fqEQCGwwFCQHhM4AACgkQ HoFLj9Rn4KSzmxAAwdA0nwgl2bKlErNLE9Jd06htqq6LbHzEiBWlgHGneyRBfc/0AVkgCHQW0aRg pVZpekpQLZDAn10XVDNXkxA8EmaHfnU7zJJT9QxIIRdD5+HM6+e1GBMlCRvCNgAxeWsfzBK1n2BG JaShG1h6SFhDGOSIP7++alofjvxU1bTVakcrlsfb0bVUjjR5gQnv1H5Wea6TNOSTPo/f0ZMR0onZ fQVQLsuGrJskOT9ZuG8Ts7pOIfayFPMU2+jTf2XxEVAHFHawFpA0oP8iyeS2d6NpHy8xxRHA69uQ eEdr+SeQKn8hvFjK6jIAxJREdNEm/QbdcVwD3ECv9V8N8TVm1JH94N8MsIEQT9Qxm7TgES0ibCDl LqpDAvhxp3GFXTZNxW8lCEvd8pOECsEophntFNvmR8gFr/e+/hchzaoy47lA7L5sgDTDyp9hsAlY YTCxcAE7sVy1sSxv3zxLLxNtQmK94fNItaW6RCQEd8HN06LbVXD+4uZtFUREjATLf18pjNDpAvYX S1/XywZSyagLU2HHhsR9//um6HQbOxP3ya3/KL2imZo1vkv8pkQQwDBtTwj0oF1cTELoviAEfbHx LJ6dWHqVjHKtkVC357Mq8ITp8J3QiQ2Sd7m3hNIjj3l5nY5zw1lPIJzs+uy/UpsNADO0FPKspG5P 1dbokcVlSli6tck= Subject: Re: [gentoo-dev] Vanilla sources To: gentoo-dev@lists.gentoo.org From: Aaron Bauman Message-ID: <1D58FC4F-EBE7-470C-BB59-6BA54314F740@gentoo.org> X-Archives-Salt: 0f19d022-5c6e-4bfb-a326-d7d265b14a1d X-Archives-Hash: d51157edaee2323b758a2f13803685f9 On January 3, 2020 9:55:31 AM EST, Michael Orlitzky wro= te: >On 1/3/20 9:52 AM, Michael Orlitzky wrote: >>=20 >> But here we are=2E Do we make OpenRC Linux-only and steal the fix from >> systemd? Or pretend to support other operating systems, but leave >them >> insecure? >>=20 > >Or the gripping hand: rewrite opentmpfiles in C, so that it's only as >insecure as checkpath=2E > >Every option sucks=2E I was only trying to point out that vanilla-sources >gets no security support -- security@ has stated this, but it's on a >private bug, so I won't quote it -- and the risk is more than academic=2E This should be known=2E Security does not support vanilla-sources=2E This = is one reason vanilla-sources are not stabilized=2E=20 --=20 Sent from my Android device with K-9 Mail=2E Please excuse my brevity=2E