From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.54)
	id 1FM49J-0004Oa-T3
	for garchives@archives.gentoo.org; Wed, 22 Mar 2006 14:17:22 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.5.20060308/8.13.5) with SMTP id k2MEGEEs011139;
	Wed, 22 Mar 2006 14:16:14 GMT
Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.194])
	by robin.gentoo.org (8.13.5.20060308/8.13.5) with ESMTP id k2MEDrHc008496
	for <gentoo-dev@lists.gentoo.org>; Wed, 22 Mar 2006 14:13:53 GMT
Received: by uproxy.gmail.com with SMTP id q2so60114uge
        for <gentoo-dev@lists.gentoo.org>; Wed, 22 Mar 2006 06:13:52 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=gR369ydbFHVQJO1et1YKyEolxDsRKFW/aPSXoW/b6OA/r1dl4/7NRhkr4qEOR1fyKZwoIPbDkX+qZaPH6IrFdzcLngffOdmRjNKlMlMppUMvkQHF09qh+2Mu9CrQZFkLFp/UQCl1FpX+gh98f5fCxsJy+EkVT5PD9WqqLWVYXkM=
Received: by 10.66.216.10 with SMTP id o10mr402266ugg;
        Wed, 22 Mar 2006 06:13:52 -0800 (PST)
Received: by 10.66.218.9 with HTTP; Wed, 22 Mar 2006 06:13:52 -0800 (PST)
Message-ID: <3b09e8e90603220613h224ec503vdf3b879c37bd556c@mail.gmail.com>
Date: Wed, 22 Mar 2006 09:13:52 -0500
From: "Thomas Cort" <linuxgeek@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: Making the developer community more open
In-Reply-To: <558b73fb0603220556j37437adfi3b5825657a592932@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
References: <441F35B9.8000406@gentoo.org>
	 <dda83e780603201545u71875144u6b78551ed3a84a52@mail.gmail.com>
	 <1143024569.27445.23.camel@getafix.chiltonfoliat.org>
	 <pan.2006.03.22.12.53.53.933198@cox.net>
	 <558b73fb0603220556j37437adfi3b5825657a592932@mail.gmail.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id k2MEDrHc008496
X-Archives-Salt: 75b2f4e1-a5ef-44f9-bcae-aaa7a805dba6
X-Archives-Hash: 6f23d68c6563b3f7e333ab2648a41adf

> The process for getting unstable ebuilds from bugzilla to portage could
> even be automated to the extent that when an ebuild is put into
> bugzilla it gets auto committed to the tree but masked unstable.

I don't think that auto committing user submitted ebuilds is safe,
even if they are masked. For instance, someone could put something
malicious in global scope in the ebuild. Stuff in global scope gets
interpreted whenever the ebuild is sourced. More info on scope:
http://www.gentoolinux.org/proj/en/devrel/handbook/handbook.xml?part=3&chap=1#doc_chap3_sect4

-Thomas

-- 
gentoo-dev@gentoo.org mailing list