From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-89756-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id CC98D138334
	for <garchives@archives.gentoo.org>; Wed, 18 Dec 2019 21:45:08 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3725BE090A;
	Wed, 18 Dec 2019 21:45:05 +0000 (UTC)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E1E39E08AB
	for <gentoo-dev@lists.gentoo.org>; Wed, 18 Dec 2019 21:45:04 +0000 (UTC)
Received: by mail-ot1-x32d.google.com with SMTP id a15so4291371otf.1
        for <gentoo-dev@lists.gentoo.org>; Wed, 18 Dec 2019 13:45:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=vy5ZUCVZzk8xdWxPuaOYkbC8IIZBiI3eOMQesvR9c5k=;
        b=Ats1P1gNo/Ua/u18VkkquYANAfTFVN8vjDLa/dd2Be0buHvKtMo2A6kLmRN6uUzBUC
         thi4QXA1hXInWq3K2xNMAm/l1Hu730eNKzn6DjQLp/CUduIncljzR/2bHA45I1+wvKn6
         WrVJAPBpdb8OUsV4bBC2Cv72y7e0+kDot3jic4CJBHZKQJ+k7ZkWhmZc/sbFZpZFyukU
         d1xOoN3fI/DC3+kFWuj1Q6tWv5sBP21DkS5lMIQLbgMUIDA3MPnjiaPafM4OaSvoDq3s
         n5yzgKxE8kinUG+cXh/v8QtI7P3IEXRefO58ig5K3KtePuvLEMXvU+W+DGz4vuO/SlmJ
         yLXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=vy5ZUCVZzk8xdWxPuaOYkbC8IIZBiI3eOMQesvR9c5k=;
        b=iCmMCbVG/o1Ufe6Syz8sfvbY8NYTcg9zqgpMTmYWvx62Vl6YZVuNXHplerVO/ZJLum
         LQ9Lvn9mJs2brfpcSfXIOeTXpzCNTpNXWx7Ssj7PMvu4/4N1BnpinQMPL5LXRfLtV16D
         51JFXv5LnqrcwhRCLe54MbvMO75X1MIelz/AVfqaREKOyQTxz+w2S7DZV/1B64eC7juA
         SSRRvG829D9+uwP80by/XUjPIOF/dyBRHk0w/m9e3bduCFh6W9jiyf7ozViI12xGgD8x
         iEA9hKkbplpNy3eBgaPAggHoUtXm90bwscwAUy4W8Xl8tdM7SiNlJd8kfCuZ9JJMnrtd
         rXpg==
X-Gm-Message-State: APjAAAXBbgugrWaDJfzEkEQ2aacMz+KpWSAm4UmgJb84MrN/D454Pbbq
	nEgMAGvcpHKi7tkp4BbaLasj6WfMYqsPsOZKG+RD8Q==
X-Google-Smtp-Source: APXvYqz43c1XFgXMYrqiXB5Fspl+WpWv7SlmtOMqq+hoGJHJTOO1Kkee7lkCZe0XO5MnV8g6ZiKEpbU58ZGPGhP8PEY=
X-Received: by 2002:a05:6830:3052:: with SMTP id p18mr2791876otr.213.1576705503765;
 Wed, 18 Dec 2019 13:45:03 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <1a722f8f-36b5-c313-b6e1-eac75e0839c5@gentoo.org> <85c9df6f-fcf5-61d7-90af-a375f5c75088@gentoo.org>
In-Reply-To: <85c9df6f-fcf5-61d7-90af-a375f5c75088@gentoo.org>
From: Francesco Riosa <vivo75@gmail.com>
Date: Wed, 18 Dec 2019 22:44:53 +0100
Message-ID: <CAD6zcDzJno4jbt9qSzZKEP1euXtGh9c_jhoVz3tiX69ULDzqVw@mail.gmail.com>
Subject: Re: [gentoo-dev] Needs ideas: Upcoming circular dependency: expat <> CMake
To: gentoo development <gentoo-dev@lists.gentoo.org>
Content-Type: multipart/alternative; boundary="00000000000077a870059a015bbb"
X-Archives-Salt: 1f847f04-007f-404b-82aa-a620848c9655
X-Archives-Hash: ce61a34e22cc978f8ff4c906772e582b

--00000000000077a870059a015bbb
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Il giorno mer 18 dic 2019 alle ore 22:03 Sebastian Pipping <sping@gentoo.or=
g>
ha scritto:

>
> CMake bundles a (previously outdated and vulnerable) copy of expat so
> I'm not sure if re-activating that bundle =E2=80=94 say with a new use fl=
ag
> "system-expat" =E2=80=94 would be a good thing to resort to for breaking =
the
> cycle, with regard to security in particular.
>
> Pushing gently upstream to upgrade bundled expat copy would (at least
temporarily) fix the issue and also benefit other use cases. Maybe they are
Gentoo friendly
they also release quite often, which would fix the problem soon

--00000000000077a870059a015bbb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">Il giorno mer 18 dic 2019 alle ore 22=
:03 Sebastian Pipping &lt;<a href=3D"mailto:sping@gentoo.org">sping@gentoo.=
org</a>&gt; ha scritto:<br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex"><br>
CMake bundles a (previously outdated and vulnerable) copy of expat so<br>
I&#39;m not sure if re-activating that bundle =E2=80=94 say with a new use =
flag<br>
&quot;system-expat&quot; =E2=80=94 would be a good thing to resort to for b=
reaking the<br>
cycle, with regard to security in particular.<br><br></blockquote><div>Push=
ing gently upstream to upgrade bundled expat copy would (at least temporari=
ly) fix the issue and also benefit other use cases. Maybe they are Gentoo f=
riendly<br>they also release quite often, which would fix the problem soon<=
/div></div></div>

--00000000000077a870059a015bbb--