On Thursday 20 January 2005 00:51, Alexander Mieland wrote: > On Thursday 20 January 2005 00:33, Chris Gianelloni wrote: > > On Wed, 2005-01-19 at 23:47 +0100, Alexander Mieland wrote:
[..bah..] > > Then don't install it. You can have the ebuild do pretty much > > whatever you want, you know. > >[...] Soryy, i don't understand this discussion. What is the problem? basc can't read /var/log/whatever, but need it to work, exept if the user who run basc is the root user or member of the group portage. Right? Which polices forbid basc to be a member of portage? The guy who install it, has to be one of this kind of user. The security team shoul take a look on the source of basc and sign it. This guys do it on every other packake, that connect to other servers or accept connection from the outside. I'm right, they do it? And basc is easy to understand, only source... no package depends on basc, everybody can install it, if he want it do to, he only needs to be root or maybe a member of the portage group. Or i missing the point? <Earny>
pgp2hLBFaXt5P.pgp
Description: PGP signature
