From: Alec Warner <warnera6@egr.msu.edu>
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Environment Whitelisting
Date: Mon, 22 Aug 2005 18:36:03 -0400 [thread overview]
Message-ID: <430A5353.7030003@egr.msu.edu> (raw)
In-Reply-To: <20050822221915.GV10816@nightcrawler>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brian Harring wrote:
> On Mon, Aug 22, 2005 at 11:59:54PM +0200, Marius Mauch wrote:
>
>>On 08/22/05 Brian Harring wrote:
>>
>>
>>>On Mon, Aug 22, 2005 at 11:33:23PM +0200, Marius Mauch wrote:
>>>
>>>>Theoretical discussions about this are pointless IMO without
>>>>numbers/facts to back things up.
>>>
>>>I'd posit theroetical discussions about this are pointless without
>>>getting ebuild dev's to give a yay/nay on whether they want it or not;
>>>
>>>not much for trying to force it down their throats if they don't want
>>>it (more work, essentially).
>>
>>That too. But providing them with some numbers will certainly have an
>>effect on their decision (especially if it shows that it doesn't really
>>affect them ;)
>
> Rather hard to back it up though, without specialized knowledge in
> (effectively) the whole tree- either we do it, or we ask nicely those
> who are supposed to have such knowledge :)
>
> I can rattle off a couple of env vars that screw things up, but how
> many of us are aware that an exported ARCH screws with kernel builds
> fex?
>
> I'd punt it to them, and find out what they think (tiz the route I
> took when I brought this up last).
>
> Explicit whitelisting is great for getting closer to deterministic
> builds, but it's a helluva overhead on a side note.
> ~harring
I'm kinda with genone on implementing both ( since they are similar ).
If it's decided that blacklisting is easier to maintain, I can always
make up my own whitelist for pkg-foo and apply it and if it works submit
it as a bug ( or even some other whitelist database? ) and thus can
gaurentee that my package was built 'correctly'(TM). I think this would
be important in fex, an enterprise distribution type deal where the
build env is important to some. Put the whitelists in the tree and have
them --excluded by default, so only the users that use them have to
downlaod them.
Regardless I'd like to see what actual people who write and manage
ebuilds think, I've only written a few and I don't have much experience
in that area. ( Spanky, solar, etc... the crazy ones ) :)
- -Alec Warner (antarus)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQIVAwUBQwpTUmzglR5RwbyYAQKPOA/+PbhtDYbbasHP9ZDa2SwTN+YVQRfXEfBt
QwqjmtmdSyGSsLJL7C5PtASL/lLUK0z6uI2LmCniHctvIzvHd7/dAZO8deq4Hqcb
18CgXZucwqvGnLhPIC23Z7CTXb3dUf60WTbwjkP4vTmywRtWr3eOqGIZ03pgjrBr
GDtb+onEGn8lSMxdqRuUxCvFnyz+QIaX2ysOahH/qKRIcJXh4w/zFQrDy+9olSpy
CAkaZLrOplRKZSSkz5i/W1dpKioa7fa3FXD43a7uWXzoRsLNxivyhNqtJJ34rnPI
UexjElpelGlnw4zdDGzq5waYDpwUPfme8vz4pHEZ0MtqGQZ7OCsl3Pnz5q44Z7Vd
cwN5+limQGN0dg55kYgbx+pOm0TRi5u9iAHMdlLojxD9e29AeGpRijeaWfm6ZuRk
MEQrBJMFkhm4BaOuZ8+lcmaso1SxsfdQnlEnwXBVnjt2uoqy/G14wGPxye+gb3tL
kUqBhB+DNH8RMO6Sgu+DDTsLT2vx7w7MV7XMQorBD6g4nvIxdl5OR13sI0Yo+gnt
RF6BlM7eShMrx9aYx9Xr97F9XuBH8tIOKzpSqPK+O/cevJVVu6IwSU8VyPW2o0Rr
rKCwS04vrYSwkfpvNgChNHSqhk08NKcBIQD4sLvrMZpp70OyGXgMTvryUxjzgejA
Tb1Woep3gYk=
=Q3sT
-----END PGP SIGNATURE-----
--
gentoo-portage-dev@gentoo.org mailing list
next prev parent reply other threads:[~2005-08-22 22:37 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-21 20:25 [gentoo-portage-dev] Environment Whitelisting Alec Warner
2005-08-22 1:24 ` Zac Medico
2005-08-22 3:52 ` [gentoo-portage-dev] " Drake Wyrm
2005-08-22 4:41 ` Zac Medico
2005-08-22 16:29 ` Kristian Benoit
2005-08-22 14:52 ` Jason Stubbs
2005-08-22 18:08 ` Zac Medico
2005-08-22 19:15 ` warnera6
2005-08-22 19:24 ` Zac Medico
2005-08-22 20:58 ` Brian Harring
2005-08-23 1:57 ` Kristian Benoit
2005-08-23 2:15 ` Brian Harring
2005-08-22 21:33 ` [gentoo-portage-dev] " Marius Mauch
2005-08-22 21:40 ` Brian Harring
2005-08-22 21:55 ` warnera6
2005-08-22 21:59 ` Marius Mauch
2005-08-22 22:19 ` Brian Harring
2005-08-22 22:36 ` Alec Warner [this message]
2005-08-22 22:41 ` Brian Harring
2005-08-22 23:01 ` [gentoo-portage-dev] Profiles [ was Environmental Whitelisting ] Alec Warner
2005-08-22 23:28 ` [gentoo-portage-dev] Environment Whitelisting Jason Stubbs
2005-08-22 23:56 ` Brian Harring
2005-08-23 10:50 ` Jason Stubbs
2005-08-23 0:27 ` Alec Warner
2005-08-23 2:46 ` Kristian Benoit
2005-08-23 3:40 ` Alec Warner
2005-08-23 16:19 ` Kristian Benoit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=430A5353.7030003@egr.msu.edu \
--to=warnera6@egr.msu.edu \
--cc=gentoo-portage-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox