public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Peter Stuge <peter@stuge.se>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] removing vulnerable versions of dev-lang/v8
Date: Fri, 8 Nov 2013 16:25:48 +0100	[thread overview]
Message-ID: <20131108152548.32499.qmail@stuge.se> (raw)
In-Reply-To: <CAHcsgXS-qc+rFp5G0jvWWF=KtPwSQsa5GqYFgOxLgM50EynGhw@mail.gmail.com>

Diego Elio Pettenò wrote:
> > Problem #1 is that sci-geosciences/osgearth-2.4 depends on
> > =dev-lang/v8-3.18.5.14 (see
> > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It
> > doesn't work with more recent v8, but it can be made to not depend on v8.
> 
> If "made not to depend" means "bundle", is the bundled version any safer
> than the ebuild there? If the answer is no, you're now increasing the
> security issue.

Based on my previous impression I OTOH assumed that Paweł meant
disabling use of v8, but since I don't use either package I didn't
look at the bug.

Your email made me more curious, and as Paweł wrote the bug gives
plenty of context, among other things Paweł has attached a patch
there to disable v8 in osgearth.

I think it's commendable that he doesn't settle for simply masking
osgearth along with v8.


//Peter


  reply	other threads:[~2013-11-08 15:26 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-08  5:22 [gentoo-dev] removing vulnerable versions of dev-lang/v8 "Paweł Hajdan, Jr."
2013-11-08 14:42 ` Ian Stakenvicius
2013-11-08 15:00   ` Rich Freeman
2013-11-08 15:18 ` Diego Elio Pettenò
2013-11-08 15:25   ` Peter Stuge [this message]
2013-11-08 21:49   ` hasufell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131108152548.32499.qmail@stuge.se \
    --to=peter@stuge.se \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox