From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E7Kui-0007RQ-Is for garchives@archives.gentoo.org; Mon, 22 Aug 2005 22:37:08 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7MMZKcx030218; Mon, 22 Aug 2005 22:35:20 GMT Received: from egr.msu.edu (jeeves.egr.msu.edu [35.9.37.127]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7MMZJkr009389 for ; Mon, 22 Aug 2005 22:35:20 GMT Received: from [207.72.143.170] (207-72-143-170.dovers_res_net.spartan-net.net [207.72.143.170] (may be forged)) (authenticated bits=0) by egr.msu.edu (8.13.4/8.13.4) with ESMTP id j7MMa1dX023072 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 22 Aug 2005 18:36:05 -0400 (EDT) Message-ID: <430A5353.7030003@egr.msu.edu> Date: Mon, 22 Aug 2005 18:36:03 -0400 From: Alec Warner User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050806) X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-portage-dev@gentoo.org Reply-to: gentoo-portage-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-portage-dev@lists.gentoo.org Subject: Re: [gentoo-portage-dev] Environment Whitelisting References: <4308E349.8010107@egr.msu.edu> <20050822233323.276ad887@andy.genone.homeip.net> <20050822214059.GU10816@nightcrawler> <20050822235954.4aece5d1@andy.genone.homeip.net> <20050822221915.GV10816@nightcrawler> In-Reply-To: <20050822221915.GV10816@nightcrawler> X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: d2854935-4a21-4a06-8022-c076e7f663d2 X-Archives-Hash: 96336d693488a08696e0a81cfdf65142 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian Harring wrote: > On Mon, Aug 22, 2005 at 11:59:54PM +0200, Marius Mauch wrote: > >>On 08/22/05 Brian Harring wrote: >> >> >>>On Mon, Aug 22, 2005 at 11:33:23PM +0200, Marius Mauch wrote: >>> >>>>Theoretical discussions about this are pointless IMO without >>>>numbers/facts to back things up. >>> >>>I'd posit theroetical discussions about this are pointless without >>>getting ebuild dev's to give a yay/nay on whether they want it or not; >>> >>>not much for trying to force it down their throats if they don't want >>>it (more work, essentially). >> >>That too. But providing them with some numbers will certainly have an >>effect on their decision (especially if it shows that it doesn't really >>affect them ;) > > Rather hard to back it up though, without specialized knowledge in > (effectively) the whole tree- either we do it, or we ask nicely those > who are supposed to have such knowledge :) > > I can rattle off a couple of env vars that screw things up, but how > many of us are aware that an exported ARCH screws with kernel builds > fex? > > I'd punt it to them, and find out what they think (tiz the route I > took when I brought this up last). > > Explicit whitelisting is great for getting closer to deterministic > builds, but it's a helluva overhead on a side note. > ~harring I'm kinda with genone on implementing both ( since they are similar ). If it's decided that blacklisting is easier to maintain, I can always make up my own whitelist for pkg-foo and apply it and if it works submit it as a bug ( or even some other whitelist database? ) and thus can gaurentee that my package was built 'correctly'(TM). I think this would be important in fex, an enterprise distribution type deal where the build env is important to some. Put the whitelists in the tree and have them --excluded by default, so only the users that use them have to downlaod them. Regardless I'd like to see what actual people who write and manage ebuilds think, I've only written a few and I don't have much experience in that area. ( Spanky, solar, etc... the crazy ones ) :) - -Alec Warner (antarus) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQwpTUmzglR5RwbyYAQKPOA/+PbhtDYbbasHP9ZDa2SwTN+YVQRfXEfBt QwqjmtmdSyGSsLJL7C5PtASL/lLUK0z6uI2LmCniHctvIzvHd7/dAZO8deq4Hqcb 18CgXZucwqvGnLhPIC23Z7CTXb3dUf60WTbwjkP4vTmywRtWr3eOqGIZ03pgjrBr GDtb+onEGn8lSMxdqRuUxCvFnyz+QIaX2ysOahH/qKRIcJXh4w/zFQrDy+9olSpy CAkaZLrOplRKZSSkz5i/W1dpKioa7fa3FXD43a7uWXzoRsLNxivyhNqtJJ34rnPI UexjElpelGlnw4zdDGzq5waYDpwUPfme8vz4pHEZ0MtqGQZ7OCsl3Pnz5q44Z7Vd cwN5+limQGN0dg55kYgbx+pOm0TRi5u9iAHMdlLojxD9e29AeGpRijeaWfm6ZuRk MEQrBJMFkhm4BaOuZ8+lcmaso1SxsfdQnlEnwXBVnjt2uoqy/G14wGPxye+gb3tL kUqBhB+DNH8RMO6Sgu+DDTsLT2vx7w7MV7XMQorBD6g4nvIxdl5OR13sI0Yo+gnt RF6BlM7eShMrx9aYx9Xr97F9XuBH8tIOKzpSqPK+O/cevJVVu6IwSU8VyPW2o0Rr rKCwS04vrYSwkfpvNgChNHSqhk08NKcBIQD4sLvrMZpp70OyGXgMTvryUxjzgejA Tb1Woep3gYk= =Q3sT -----END PGP SIGNATURE----- -- gentoo-portage-dev@gentoo.org mailing list