On Wednesday 20 June 2007, Olivier Crête wrote:
> On Wed, 2007-20-06 at 17:19 -0400, Mike Frysinger wrote:
> > the use of the binpkg is not an issue, it's the creation ... people
> > blindly creating tbz2's which could contain their sensitive files and
> > posting them
> >
> > i'll just go ahead with the feedback from Olivier and have quickpkg skip
> > CONFIG_PROTECT by default
>
> This will by default create potentially broken packages (since many just
> wont work without their CONFIG_PROTECTed files). That's why I suggested
> a big fat warning and accepting that we can't protect users against
> themselves or against social engineering (aka their own stupidity).

i think this would only be an issue where quickpkg is being run 
non-interactively and the output not being reviewed (which i also dont think 
is a common scenario for quickpkg) ... the new output of quickpkg will be 
explicit in what it is (or isnt) doing so there wont be any issue of "drive 
by" social engineering

as for dubbing people who are successfully socially engineered "stupid", i 
dont really think that's appropriate ... consider noobs on irc in #gentoo who 
just want to help and havent learned their way around yet.  are they stupid 
(well they might be, but lets give them the benefit of the doubt) ?  i'd 
liken the situation to a kid growing up ... kids arent stupid, they lack 
experience and calling them stupid isnt constructive
-mike