On January 3, 2020 9:55:31 AM EST, Michael Orlitzky <m...@gentoo.org> wrote: >On 1/3/20 9:52 AM, Michael Orlitzky wrote: >> >> But here we are. Do we make OpenRC Linux-only and steal the fix from >> systemd? Or pretend to support other operating systems, but leave >them >> insecure? >> > >Or the gripping hand: rewrite opentmpfiles in C, so that it's only as >insecure as checkpath. > >Every option sucks. I was only trying to point out that vanilla-sources >gets no security support -- security@ has stated this, but it's on a >private bug, so I won't quote it -- and the risk is more than academic. This should be known. Security does not support vanilla-sources. This is one reason vanilla-sources are not stabilized. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
- Re: [gentoo-dev] Vanilla sources Toralf Förster
- Re: [gentoo-dev] Vanilla sources Michael Orlitzky
- Re: [gentoo-dev] Vanilla sources Rich Freeman
- Re: [gentoo-dev] Vanilla sources Toralf Förster
- Re: [gentoo-dev] Vanilla sources Michael 'veremitz' Everitt
- Re: [gentoo-dev] Vanilla sources Hanno Böck
- Re: [gentoo-dev] Vanilla sources William Hubbs
- Re: [gentoo-dev] Vanilla sources Michał Górny
- Re: [gentoo-dev] Vanilla sources Michael Orlitzky
- Re: [gentoo-dev] Vanilla sources Michael Orlitzky
- Re: [gentoo-dev] Vanilla sources Aaron Bauman
- Re: [gentoo-dev] Vanilla sources Rich Freeman
- Re: [gentoo-dev] Vanilla sources Roy Bamford
- Re: [gentoo-dev] Vanilla sources Rich Freeman
- Re: [gentoo-dev] Vanilla sources Roy Bamford
- Re: [gentoo-dev] Vanilla sources Thomas Deutschmann
- Re: [gentoo-dev] Vanilla sources Roy Bamford
- Re: [gentoo-dev] Vanilla sources Christopher Head
- Re: [gentoo-dev] Vanilla sources Rich Freeman
- Re: [gentoo-dev] Vanilla sources Thomas Deutschmann
- Re: [gentoo-dev] Vanilla sources William Hubbs