From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 824A01387FD for ; Sat, 29 Mar 2014 20:27:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E26BBE0A41; Sat, 29 Mar 2014 20:27:31 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0C3EEE09FE for ; Sat, 29 Mar 2014 20:27:30 +0000 (UTC) Received: from [10.25.43.11] (c83-248-181-222.bredband.comhem.se [83.248.181.222]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: klondike) by smtp.gentoo.org (Postfix) with ESMTPSA id BA85733FA7F for ; Sat, 29 Mar 2014 20:27:29 +0000 (UTC) Message-ID: <53372CA6.1070700@gentoo.org> Date: Sat, 29 Mar 2014 21:27:18 +0100 From: "Francisco Blas Izquierdo Riera (klondike)" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] New virtuals for libudev and libgudev References: <5335EE26.1010606@gentoo.org> <53364874.9050603@gentoo.org> In-Reply-To: <53364874.9050603@gentoo.org> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="n7LFQfkHWGXtuDJPvte0e68NB1RATv6kg" X-Archives-Salt: ff327292-7e30-4771-abbd-654250be6a26 X-Archives-Hash: 511d9b6f9e77db6e73d770de0d1e8766 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --n7LFQfkHWGXtuDJPvte0e68NB1RATv6kg Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi! El 29/03/14 05:13, Samuli Suominen escribi=F3: > I took the liberty to unbreak the tree for you. Don't ever touch my > packages again unless > they are broken. Udev is broken: * They have known off by one string handling errors on their libraries, the developers were warned of that but have chosen to ignore the issue. The issue is still on http://cgit.freedesktop.org/systemd/systemd/tree/src/shared/strxcpyx.c on the function size_t strpcpyf(char **dest, size_t size, const char *src, ...) which can overflow the string boundaries in some case. This issue keeps coming up from time to time thanks to their "nice" efforts for cahnging the whole thing instead of fixing bugs. Also after a year nothing has been done. * They keep losing cohesion (http://en.wikipedia.org/wiki/Cohesion_%28computer_science%29) by inserting more and more unrelated software into Udev/systemd. This helps things like the above happen again. * They have the bad habit of recoding functions that are already provided by their only supported c library. This helps things like the above happen.=E7 * They keep reengineering everything reintroducing bugs that were fixed on previous iterations. Thus given the potential security issues udev (and systemd) have, the poor design decissions, and the lack of interest in their maintainers of fixing these, I'd strongly recommend masking it as was done with packets like wordpress or at least putting a big warning to the users. --n7LFQfkHWGXtuDJPvte0e68NB1RATv6kg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlM3LKsACgkQcfrM1mX4BmCqZQCfWVJMPYi7XkAeA0fd6kJdhbCt /OIAoOn41MQfcXSsSDWiV3uwz3az20eo =bry2 -----END PGP SIGNATURE----- --n7LFQfkHWGXtuDJPvte0e68NB1RATv6kg--