From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FoRlW-0005Th-10 for garchives@archives.gentoo.org; Thu, 08 Jun 2006 21:10:06 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k58L8i9W014223; Thu, 8 Jun 2006 21:08:44 GMT Received: from ns2.pil.dk (ns2.pil.dk [195.41.47.38]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k58L5aN9017326 for ; Thu, 8 Jun 2006 21:05:36 GMT Received: from osgiliath.brixandersen.dk (83.72.33.139.ip.tele2adsl.dk [83.72.33.139]) by ns2.pil.dk (Postfix) with ESMTP id 2165B7BA893 for ; Thu, 8 Jun 2006 23:05:36 +0200 (CEST) Received: by osgiliath.brixandersen.dk (Postfix, from userid 1000) id 1BA0FF0333; Thu, 8 Jun 2006 23:05:34 +0200 (CEST) Date: Thu, 8 Jun 2006 23:05:34 +0200 From: Henrik Brix Andersen To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Project Sunrise thread -- a try of clarification Message-ID: <20060608210534.GE6526@osgiliath> Mail-Followup-To: gentoo-dev@lists.gentoo.org References: <44887368.9030302@gentoo.org> <20060608192004.GC6526@osgiliath> <1149796370.16025.21.camel@localhost> <20060608213507.528a03f2@snowdrop.home> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jTMWTj4UTAEmbWeb" Content-Disposition: inline In-Reply-To: <20060608213507.528a03f2@snowdrop.home> X-PGP-Key: http://dev.gentoo.org/~brix/files/HenrikBrixAndersen.asc User-Agent: Mutt/1.5.11 X-Archives-Salt: 8707b47a-1a86-4ef3-b32c-d2f6fed02bb1 X-Archives-Hash: 143972dde337926d600df8f8d9670a4d --jTMWTj4UTAEmbWeb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 08, 2006 at 09:35:07PM +0100, Ciaran McCreesh wrote: > On Thu, 08 Jun 2006 23:52:50 +0400 "Peter Volkov (pva)" > wrote: > | > Will you also review the code each and every ebuild pull down over > | > the internet? > |=20 > | And that is really exciting moment. :) The main difference between > | such overlay and wiki is that reading text never does `rm -rf /`. How > | can one stop such jokes? I think if this problem will be solved such > | overlay should be. >=20 > Somehow I think certain people aren't quite grasping the potential > security breaches with this whole thing... Slipping in malicious and > hard to detect code that gets executed by everybody is very very easy. My point exactly. Regards, Brix --=20 Henrik Brix Andersen Gentoo Metadistribution | Mobile computing herd --jTMWTj4UTAEmbWeb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: GnuPG signed iD8DBQFEiJEdv+Q4flTiePgRAgp2AKCNRm/e9vJ/wOiVg8eJ+BRxQTSWHQCdHgYQ JJJ28kXmdUnDxE/PQYKDlTU= =P7ZU -----END PGP SIGNATURE----- --jTMWTj4UTAEmbWeb-- -- gentoo-dev@gentoo.org mailing list