From: Peter Stuge <peter@stuge.se>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8
Date: Fri, 8 Nov 2013 16:25:48 +0100 [thread overview]
Message-ID: <20131108152548.32499.qmail@stuge.se> (raw)
In-Reply-To: <CAHcsgXS-qc+rFp5G0jvWWF=KtPwSQsa5GqYFgOxLgM50EynGhw@mail.gmail.com>
Diego Elio Pettenò wrote:
> > Problem #1 is that sci-geosciences/osgearth-2.4 depends on
> > =dev-lang/v8-3.18.5.14 (see
> > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It
> > doesn't work with more recent v8, but it can be made to not depend on v8.
>
> If "made not to depend" means "bundle", is the bundled version any safer
> than the ebuild there? If the answer is no, you're now increasing the
> security issue.
Based on my previous impression I OTOH assumed that Paweł meant
disabling use of v8, but since I don't use either package I didn't
look at the bug.
Your email made me more curious, and as Paweł wrote the bug gives
plenty of context, among other things Paweł has attached a patch
there to disable v8 in osgearth.
I think it's commendable that he doesn't settle for simply masking
osgearth along with v8.
//Peter
next prev parent reply other threads:[~2013-11-08 15:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-08 5:22 [gentoo-dev] removing vulnerable versions of dev-lang/v8 "Paweł Hajdan, Jr."
2013-11-08 14:42 ` Ian Stakenvicius
2013-11-08 15:00 ` Rich Freeman
2013-11-08 15:18 ` Diego Elio Pettenò
2013-11-08 15:25 ` Peter Stuge [this message]
2013-11-08 21:49 ` hasufell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131108152548.32499.qmail@stuge.se \
--to=peter@stuge.se \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox