From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D16B6139694 for ; Mon, 5 Jun 2017 17:50:39 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 546A0E0DC2; Mon, 5 Jun 2017 17:50:16 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 09BB9E0D43 for ; Mon, 5 Jun 2017 17:50:16 +0000 (UTC) Received: from katipo2.lan (unknown [203.86.205.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: kentnl) by smtp.gentoo.org (Postfix) with ESMTPSA id B584C340988 for ; Mon, 5 Jun 2017 17:50:14 +0000 (UTC) Date: Tue, 6 Jun 2017 05:49:23 +1200 From: Kent Fredric To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Last rites: www-client/phantomjs and dev-ruby/poltergeist Message-ID: <20170606054708.1f811680@katipo2.lan> In-Reply-To: References: <1496646687.9038.9.camel@gentoo.org> <20170605230605.099dfdc3@katipo2.lan> Organization: Gentoo X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/MCn=M1miNsi1OzqxT9UKj2U"; protocol="application/pgp-signature" X-Archives-Salt: 9f3b375a-a18e-47f1-8459-d0fe92374402 X-Archives-Hash: a0e4fd014a77a942e256a4d35edab7a5 --Sig_/MCn=M1miNsi1OzqxT9UKj2U Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 5 Jun 2017 13:42:50 -0400 Michael Orlitzky wrote: > Hans was > attempting to fix it, but now that upstream is dead, it will remain > insecure forever. IME, as long as that's clear from the pmask, and its clear what those security vectors are, as long as an end user makes sure those vectors can't happen, having an insecure-in-theory-but-not-in-practice phantomjs is better than having no phantomjs.=20 --Sig_/MCn=M1miNsi1OzqxT9UKj2U Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEPZazbI/qrFT1o9rn6FQySxNmqCAFAlk1mcIACgkQ6FQySxNm qCDkxBAAxhRa+kt75r8g7MNLFsW1J8eyN314JGCveMd7WZ7HL512MAuFf5wFh830 ar4q69G6ULYGISu6c38UpTdrgw4qDCsVusGUG3QGQE13xFqFQXVFmFOcqZ6YkeZJ npDu9DlCJ18yukA6KVNI7dosRDzQrKpdwmmaI4a0TuZmQN22wK//ocZNVpiEGmQK gVpHWCRrfa3AsV9nzDi/r0gqzph0TEeozUiwpMKVqNthQGvZbw20bg+hu6WhlT+y JE5CZSj+Bbq8fsc9qcMaMu91h/Eh2lvMCzVdvvKfCA/mBicnd6YXKftTORRdaXyA j0lo6N3fkwildfwCgNJetT5XgPKWf9jKa76vjZ88VUNWZx3Kh1Hy5CUJVJij+u+l J46RjvdfSCV9/Se8xpyn0WG/2qwob5FiIbnT47Rmh0nVN0JKl1LX9zGywjRgr/Zy 7mvBg+MrnfVMIbqvfFR6jc4A17Bo32FCBn1LIP67GgxohKjN14Cm2VVQ7kSnhZ2d ccc1lsmJEZR+ZHERr+E2PGqC7hL1SlEVCn/gSNijr2fQjxDbpqhFYoMN1UCVp+tP Ygb2bkgGY0H3ObH3g4yMYS0yzN/2CkwjBnT4noqaCeYcghNw6yPVEKpo87xTkhO1 w8qud8JzVK1Ycny7vEP5KJjrqrtvfl4V8j/P3BARJoCdkgMiEUc= =tok+ -----END PGP SIGNATURE----- --Sig_/MCn=M1miNsi1OzqxT9UKj2U--