Subject: Re: [gentoo-dev] zoom concerns
To: gentoo-dev@lists.gentoo.org
From: Thomas Deutschmann
Organization: Gentoo Foundation, Inc
Date: Tue, 7 Apr 2020 12:47:33 +0200

On 2020-04-07 10:48, Ulrich Mueller wrote:
> We could add a README.gentoo file with our caveats. It won't be perfect,
> but maybe better than nothing. (And certainly better than displaying a
> warning on every upgrade, which will eventually annoy people [1].)

I am strictly against something like this. We have a lot of packages
with *confirmed* *serious* problems. Zoom is not special to warrant a
special treatment in any way.

More important: Until today, not one single vulnerability discussed in
public recently got confirmed for the Linux version.

Sure, that could have banal reasons like "No one audited the Linux
version yet". But in security you don't issue warnings if you aren't
sure. Because if you make false statements people will no longer trust
you. But trust is everything.

--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5