From: "Alec Warner" <antarus@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [soc] Python bindings for Paludis
Date: Sat, 31 Mar 2007 15:37:51 -0700 (PDT) [thread overview]
Message-ID: <39425.67.180.39.52.1175380671.squirrel@webmail.scriptkitty.com> (raw)
In-Reply-To: <20070331203957.0ce015bd@blashyrk>
> On Sat, 31 Mar 2007 15:24:03 -0400
> Seemant Kulleen <seemant@gentoo.org> wrote:
>
>> To make it more clear. If the gcc developers decided to stick some
>> malicious code into gcc, it affects the entire linux community, the
>> entire BSD community and would take out a few other communities as
>> well. The effects are far reaching and shared by everyone. If an
>> official package manager is outside of Gentoo's control, and the
>> maintainer(s) of that piece of software decide to do anything
>> malicious (examples: inject some dodgy code, remove documentation,
>> take out access to the repository, etc) for whatever reason (say,
>> they get pissed off at a few Gentoo people and decide that the entire
>> Gentoo community can be painted that way), then
>
> ... Gentoo developers can take the latest release of said package
> manager and continue development from that. That's the wonderful thing
> about the GPL, no?
The fact that Gentoo can continue with the codebase is irrelevant. I
think moreso the fact that a particular Package Manager would be the
'Gentoo Package Manager' means in my mind that Gentoo is responsible for
said Package Manager. If someone were to slip evil code into said Package
Manager and Gentoo released it; that would be bad.
Note that with Portage, Gentoo could pull svn access for any individuals
who commit such code. Gentoo have no gaurantee of that with an externally
managed Manager as Gentoo has no control over the source repositories.
If, by your comment above, Gentoo should maintain it's own branch of said
package manager to insulate itself from issues such as the security issue
defined above; well I think that may be one way to address the problem
presented by Seemant.
-Alec
--
gentoo-dev@gentoo.org mailing list
next prev parent reply other threads:[~2007-03-31 22:43 UTC|newest]
Thread overview: 131+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-23 23:28 [gentoo-dev] [soc] Python bindings for Paludis Piotr Jaroszyński
2007-03-24 2:21 ` Josh Saddler
2007-03-24 2:46 ` Jonathan Adamczewski
2007-03-24 7:28 ` Wernfried Haas
2007-03-24 8:31 ` Alec Warner
2007-03-24 9:06 ` Wernfried Haas
2007-03-24 5:50 ` Mike Frysinger
2007-03-24 12:54 ` Michael Cummings
2007-03-24 13:30 ` Piotr Jaroszyński
2007-03-24 15:58 ` [gentoo-dev] YA_non-technical post about development (was Re: [soc] Python bindings for Paludis) Steve Long
2007-03-24 16:06 ` [gentoo-dev] [soc] Python bindings for Paludis Grant Goodyear
2007-03-24 16:33 ` Grant Goodyear
[not found] ` <4605523F.8070002@gentoo.org>
2007-03-24 16:38 ` Ciaran McCreesh
2007-03-24 16:51 ` Grant Goodyear
2007-03-24 20:08 ` Robert Buchholz
2007-03-24 19:25 ` Luca Barbato
2007-03-24 19:52 ` Alec Warner
2007-03-24 20:59 ` Ciaran McCreesh
2007-03-24 23:00 ` Luca Barbato
2007-03-24 16:46 ` Piotr Jaroszyński
2007-03-24 16:48 ` Mike Kelly
2007-03-24 17:10 ` Mike Doty
2007-03-24 12:02 ` Anant Narayanan
2007-03-24 17:19 ` Matthias Langer
2007-03-25 14:40 ` Mike Frysinger
2007-03-25 14:46 ` Ciaran McCreesh
2007-03-25 14:58 ` Mike Frysinger
2007-03-25 15:34 ` Piotr Jaroszyński
2007-03-25 15:54 ` Andrew Gaffney
2007-03-25 17:05 ` Piotr Jaroszyński
2007-03-25 18:03 ` Mike Frysinger
2007-03-25 18:28 ` Michael Krelin
2007-03-27 19:19 ` Mike Frysinger
2007-03-27 20:15 ` Ciaran McCreesh
2007-03-28 13:08 ` Paul de Vrieze
2007-03-28 19:49 ` Anant Narayanan
2007-03-29 8:56 ` Ciaran McCreesh
2007-03-29 17:16 ` Anant Narayanan
2007-03-29 17:50 ` Ciaran McCreesh
2007-03-29 20:47 ` Thomas Rösner
2007-03-29 21:04 ` Ciaran McCreesh
2007-03-30 7:49 ` Thomas Rösner
2007-03-30 12:51 ` Ciaran McCreesh
2007-03-29 21:37 ` Anant Narayanan
2007-03-30 0:58 ` Seemant Kulleen
2007-03-30 2:55 ` Anant Narayanan
2007-03-30 3:22 ` Seemant Kulleen
2007-03-30 4:40 ` Anant Narayanan
2007-03-30 6:22 ` Vlastimil Babka
2007-03-30 3:14 ` Alec Warner
2007-03-30 12:55 ` Ciaran McCreesh
2007-03-30 15:07 ` Andrej Kacian
2007-03-30 20:13 ` Roy Marples
2007-03-30 20:23 ` Ciaran McCreesh
2007-03-30 21:13 ` Christopher Sawtell
2007-03-30 21:22 ` Ciaran McCreesh
2007-03-31 2:24 ` Seemant Kulleen
2007-03-30 21:41 ` Danny van Dyk
2007-03-31 2:26 ` Seemant Kulleen
2007-03-31 2:53 ` Christopher Sawtell
2007-03-31 3:31 ` Seemant Kulleen
2007-03-31 22:39 ` [gentoo-dev] " Steve Long
2007-03-31 22:51 ` Seemant Kulleen
2007-04-01 1:09 ` Christopher Sawtell
2007-04-02 9:36 ` [gentoo-dev] " Steve Long
2007-03-31 2:02 ` [gentoo-dev] " Roy Marples
2007-03-29 18:57 ` Ned Ludd
2007-03-29 19:06 ` Ciaran McCreesh
2007-03-29 19:25 ` Ned Ludd
2007-03-29 20:02 ` Ciaran McCreesh
2007-03-29 20:33 ` Ned Ludd
2007-03-29 21:00 ` Stephen Bennett
2007-03-29 21:03 ` Ilya A. Volynets-Evenbakh
2007-03-29 21:41 ` Ned Ludd
2007-03-30 9:07 ` Brian Harring
2007-03-30 13:18 ` Ciaran McCreesh
2007-03-30 18:04 ` Mike Frysinger
2007-03-30 18:35 ` Ciaran McCreesh
2007-03-30 18:50 ` Homer Parker
2007-03-30 18:56 ` Ciaran McCreesh
2007-03-30 20:41 ` Michael Krelin
2007-03-30 20:47 ` Ciaran McCreesh
2007-03-30 21:53 ` Michael Krelin
2007-03-31 22:45 ` [gentoo-dev] " Steve Long
2007-03-31 23:16 ` Michael Krelin
2007-03-30 20:30 ` [gentoo-dev] " Larry Lines
2007-03-30 20:37 ` Ciaran McCreesh
2007-03-30 20:51 ` Mike Frysinger
2007-03-30 21:09 ` Ciaran McCreesh
2007-03-31 0:29 ` Mike Frysinger
2007-03-31 0:45 ` Ciaran McCreesh
2007-03-31 1:03 ` Mike Frysinger
2007-03-31 1:07 ` Ciaran McCreesh
2007-03-30 23:09 ` Anant Narayanan
2007-03-30 23:15 ` Josh Saddler
2007-03-31 0:33 ` Mike Frysinger
2007-03-30 18:42 ` Matthias Langer
2007-03-30 19:28 ` Seemant Kulleen
2007-03-30 20:54 ` Mike Frysinger
2007-03-31 5:36 ` Rumen Yotov
2007-03-31 6:12 ` [gentoo-dev] " Duncan
2007-04-01 11:20 ` Adam Pickett
2007-04-01 13:13 ` Mike Auty
2007-04-01 19:11 ` Duncan
2007-04-01 22:43 ` Mike Auty
2007-04-02 9:15 ` Duncan
2007-03-31 18:02 ` [gentoo-dev] " Christopher Covington
2007-03-31 18:16 ` Andrej Kacian
2007-03-31 19:24 ` Seemant Kulleen
2007-03-31 19:34 ` Andrej Kacian
2007-03-31 19:39 ` Stephen Bennett
2007-03-31 22:27 ` [gentoo-dev] " Steve Long
2007-03-31 22:39 ` Ciaran McCreesh
2007-03-31 22:53 ` Mike Frysinger
2007-03-31 22:37 ` Alec Warner [this message]
2007-04-03 13:55 ` [gentoo-dev] " Mike Kelly
2007-04-03 17:10 ` antarus
2007-04-05 8:22 ` Ciaran McCreesh
2007-04-01 0:31 ` Jan Kundrát
2007-03-31 22:30 ` Mike Frysinger
2007-03-27 20:17 ` Michael Krelin
2007-03-25 16:23 ` [gentoo-dev] " Duncan
2007-03-25 18:35 ` Steve Long
2007-03-25 23:41 ` Alec Warner
2007-03-24 19:50 ` [gentoo-dev] " Daniel Drake
2007-03-24 21:18 ` Denis Dupeyron
2007-03-24 7:09 ` Luca Barbato
2007-03-24 16:24 ` Ciaran McCreesh
2007-03-24 19:53 ` Luca Barbato
2007-03-24 20:28 ` Danny van Dyk
2007-03-24 20:49 ` Luca Barbato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=39425.67.180.39.52.1175380671.squirrel@webmail.scriptkitty.com \
--to=antarus@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox