Alec Warner <[EMAIL PROTECTED]> wrote: > Was talking with Brian about the build environment and how settings > were to be passed into the build environment. > > Essentially three scenarios were presented. > Snip and summary:
1) Pass everything 2) Blacklist and strip bad stuff 3) Whitelist good stuff; strip everything else > > To me 1) is unacceptable and 3) is the best option. Feel free to > shoot these down as you see fit ;) Option 4: Strip everything. Have portage take a snapshot of the environment and keep it in a hash (or whatever Python call associative arrays) when it starts. Nothing in the environment is to be trusted, so flush it. Portage already parses certain environment variables to establish the build environment; have portage parse its snapshot to establish the build environment. Nothing is passed from the original environment; everything passed in the environment is considered to be a "portage variable". This, I suppose, is an extreme case of the whitelist. I don't particularly like option 4, but it is an option. I much prefer option 1. It's more work for the maintainers, but breakage from the environment should be fixed in the Makefile and pushed upstream. -- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^ A unix signature isn't a return address, it's the ASCII equivalent of ^ ^ a black velvet clown painting. It's a rectangle of carets surrounding ^ ^ a quote from a literary giant of weeniedom like Heinlein or Dr. Who. ^ ^ -- Chris Maeda ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- [EMAIL PROTECTED] mailing list
