From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E6wOO-00018m-31 for garchives@archives.gentoo.org; Sun, 21 Aug 2005 20:26:08 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7LKP0jY028675; Sun, 21 Aug 2005 20:25:00 GMT Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7LKOx8i003637 for ; Sun, 21 Aug 2005 20:25:00 GMT Received: from [207.72.143.170] (207-72-143-170.dovers_res_net.spartan-net.net [207.72.143.170] (may be forged)) (authenticated bits=0) by egr.msu.edu (8.13.4/8.13.4) with ESMTP id j7LKPW6Q013803 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 21 Aug 2005 16:25:33 -0400 (EDT) Message-ID: <4308E349.8010107@egr.msu.edu> Date: Sun, 21 Aug 2005 16:25:45 -0400 From: Alec Warner User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050806) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-portage-dev@lists.gentoo.org Subject: [gentoo-portage-dev] Environment Whitelisting X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: b440231e-2574-464d-98a2-31b3a8b744c2 X-Archives-Hash: 905133d3f157f0ed9ab5b39aa52c4a6d -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Was talking with Brian about the build environment and how settings were to be passed into the build environment. Essentially three scenarios were presented. 1) The full environment is passed to the build environment. This was generally agreed upon to be bad since there are environmental things that can cause build problems. 2) The full environment is parsed via a blacklist to strip out environment settings that are known to be bad for building packages. This leads to a clean* build environment. However, maintaining the blacklist can be a challenge if it grows in size. (*) clean, meaining all the bad things we know about are not in the build environment. This does not account for the bad things we do NOT know about. 3) The full environment is parsed via a whitelist to get a list of environment settings that are known to be good for building packages. This leads to a clean build environment, as only whitelisted environment settings are passed in. However, the whitelist will probably be worse to maintain than a blacklist. Both 2) and 3) above have issues where some build variables are bad for ebuild X but not ebuild Y. I am unsure how exactly to cover any kind of situation like that ( and I don't have an example from the tree, save perhaps LANG=weird-language ). To me 1) is unacceptable and 3) is the best option. Feel free to shoot these down as you see fit ;) - -Alec Warner (antarus) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQwjjSGzglR5RwbyYAQIAeQ//cGJLLF0BKATfaUjAikiKgJ8miHeMBw9p UMN+xmB3N48Qj8bEC9qhhisSVZGFUVBuucWX5ObKGOG9vQx2Ry/i3NJG0W124s77 f9lLYOcPBOXV6Wo9F4WQ20SZt+0ktoCe2aphC/aVVyiyQhagtqjud50caBcUVfGq OlpZLLze9LW5SeqRC5N826kZJh63wP/4YOqqRo5DKjIJb/ahFUT0IZqBVWs2OADD 548yRsBsW4G3n8+JxANbGVeFwPACiWc+DFUBU651X36D01+D/M/a5Cp1f+J+Y2IW AouTkuzxmu8FgiK1+xNN3hOPM+PiqHfcWT7gBa+5Xb+h19mwgJuQAAD7stQNKxZk GorIA6GubOx+6qQd4nbzdR7bm2/LUhpC2IOQlIwmMwh2RPYnVp7QRILvsFRGPELV Fb0/enfwD2EzhwJJKkx5LFOdTFA71RP7WICNUJTbntRWp89aspgPg+gB/6gq9s0t Hf8oRsHR1Xox0NH09oJTTToxakgjdnSrjUAG42ZqDLRvP1x8FmL6BWbYZ9CIXBaJ r7wxYCwW6pQGcuCAtZCnc9UEIHXTZuy4btxnrfxAwtT10dJub2BrBo4TSZgRQyKu ++N3nxVb0m8qOgRJYsv4hBb0ybJgrDiqCmvfSgSEJAO1+wKPnR8YhEqsOkNBul4Y sLBvLF9lJl8= =AXLx -----END PGP SIGNATURE----- -- gentoo-portage-dev@gentoo.org mailing list