public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Kent Fredric <kentnl@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: Guidelines for dangerous USE flags
Date: Tue, 29 Aug 2017 21:21:09 +1200	[thread overview]
Message-ID: <20170829211332.61f19e10@katipo2.lan> (raw)
In-Reply-To: <pan$31fa8$2869469$a0faf664$62b090b8@cox.net>

[-- Attachment #1: Type: text/plain, Size: 1099 bytes --]

On Thu, 24 Aug 2017 03:06:13 +0000 (UTC)
Duncan <1i5t5.duncan@cox.net> wrote:

> nrpe-command-args-SECURITY-HOLE
> or just
> nrpe-GAPING-SECURITY-HOLE

That's probably excessive, if you set that USE flag globally, you
deserve what you get.

And if you are responsible and you know what you're getting, then you
should be allowed to do that ( even though I struggle to understand why
)

For everything else there are etc/portage/package.use

Or maybe it could be a required-use:

REQUIRED_USE="nrpe? ( GAPING_SECURITY_HOLE )"

Alternatively, you could have a pkg_pretend like:

pkg_pretend() {
   if [[use nrpe && ! has "${CATEGORY}/${PN}" "${GAPING_SECURITY_HOLE}" ]]; then
     einfo "nrpe feature introduces a security risk where in blah blah"
     einfo "     blah, please read https://wiki.gentoo.org/etc/etc for"
     einfo "     details and how to enable this"
     die "Security Hole Not Permitted"
   fi
}

But I say that only because current REQUIRED_USE feature makes it nigh
impossible to understand from a human perspective what that assertion
means.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  reply	other threads:[~2017-08-29  9:21 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-22 17:22 [gentoo-dev] Guidelines for dangerous USE flags Michael Orlitzky
2017-08-22 17:37 ` Sven Vermeulen
2017-08-24  3:06   ` [gentoo-dev] " Duncan
2017-08-29  9:21     ` Kent Fredric [this message]
2017-08-29 10:21       ` Duncan
2017-08-22 18:44 ` [gentoo-dev] " Robin H. Johnson
2017-08-24 15:22   ` Michael Orlitzky
2017-08-25 22:07     ` William Hubbs

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170829211332.61f19e10@katipo2.lan \
    --to=kentnl@gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox