On Tuesday, October 05, 2010 23:04:32 Nirbheek Chauhan wrote: > On Wed, Oct 6, 2010 at 7:36 AM, Mike Frysinger wrote: > > On Tuesday, October 05, 2010 10:35:57 Nirbheek Chauhan wrote: > >> To fix this problem sqlite upstream made a specific change allowing a > >> #pragma to be used to define where secure-delete is required, avoiding > >> the need to use secure-delete *everywhere*. > > > > so what you're saying is that this USE flag can die once people > > fix/update their packages > > What I'm saying is that mozilla team will not do it unless you either: > > (a) You convince/bribe/cluebat upstream (we've tried and failed), or > (b) You write a patch that you promise to maintain forever with quick > responses for security bumps > > Keep in mind that firefox usually only works with a very narrow range > of sqlite versions. If it's too low, it won't compile, or have runtime > failures (when they forget to update the min system-sqlite version). > If it's too high, it'll have strange runtime bugs since firefox relies > too heavily on existing sqlite behaviour[1].
so getting back to the original question: no, this should not be a global USE flag, and yes, this local flag should die. -mike
signature.asc
Description: This is a digitally signed message part.
