On Fri, Nov 30, 2012 at 4:13 PM, Tomáš Chvátal <tomas.chva...@gmail.com> wrote:
> On Fri, 30 November 2012 20:37:22, Pacho Ramos wrote:
>> media-sound/logitechmediaserver-bin -> this package is "special", it's
>> maintained by a proxy maintainer but it was reassigned to
>> maintainer-needed instead of proxy-maint herd. Was reviewing to reassign
>> it when I saw:
>> https://bugs.gentoo.org/show_bug.cgi?id=251494
>>
>> that I have no idea about how to handle :|
>
> Simple,
> add hardmask explaining possible security issues due to bundling earth&heaven,
> and then let the proxymaintainer play with it if he wants.
>
> The mask will be lifted only under condition these issues are fixed.
> People can unmask quite easily if they want, we don't need everything in
> stable :-)

I can't say that I agree with this needing to be masked.  If it HAS a
known security issue, then mask it.  If the only issue is that it
bundles too many libs, well, then just stick an ewarn in there or
something but make it the user's call.

Should we mask chrome while we're at it (and yes, I'm aware that the
chromium team is doing their best to remove these, but there are MANY
left)?  How about mythtv - that bundles ffmpeg?

Yes, it is lousy practice, but our options are to change the world,
practically fork upstream, or refuse to include useful packages.  It
is admirable when we can remove bundled libs, but this should not be
mandatory for having a package in the tree.  Actual security issues
should be fixed, of course, or masked.

Sure, it ain't perfect or pretty, but it works.  And when dealing with
outsiders, whether they are proxy maintainers or our founder, can we
at least try to be polite?

Rich
