On Thu, 2020-04-02 at 10:13 +0800, William Kenworthy wrote:
> And I would like to add that sometimes you don't have a choice - if
> someone who is paying you says to use zoom, there is no choice
You always have a choice. You can live poor and happy! ;-)
> - but I
> would rather use gentoo
And I would like to add that sometimes you don't have a choice - if
someone who is paying you says to use zoom, there is no choice - but I
would rather use gentoo than fire up the MS laptop..
What gentoo can do is mitigate the risk - which I need to look into to
see whats done in the ebuild
On Wed, Apr 1, 2020 at 5:18 PM Alessandro Barbieri
wrote:
> I have concerns about the inclusion of zoom in ::gentoo. For me it's more
> like a malware.
> From the hacker news feed you'll find out that:
>
> [1] zero day vulnerability found
>
[2] passwords are truncated to 32 bit
>
[3] previously
On Wed, Apr 1, 2020 at 8:18 PM Alessandro Barbieri
wrote:
>
> I have concerns about the inclusion of zoom in ::gentoo. For me it's more
> like a malware.
> From the hacker news feed you'll find out that:
I guess we could stick an einfo in the post-install messages, but if
you're joining a zoom
# Andreas Sturmlechner (2020-04-02)
# Broken and unmaintained upstream, last commit in 2016, bug #715594
# Use sys-block/partitionmanager instead. Masked for removal in 30 days.
sys-block/kvpm
I have concerns about the inclusion of zoom in ::gentoo. For me it's more
like a malware.
>From the hacker news feed you'll find out that:
[1] zero day vulnerability found
[2] passwords are truncated to 32 bit
[3] previously sent data to facebook
[4] end to end traffic isn't encrypted
[5] signed
On Wed, Apr 01, 2020 at 11:30:00PM +0100, Samuel Bernardo wrote:
> Hi Robin,
>
> On 4/1/20 11:07 PM, Robin H. Johnson wrote:
> >>> # I am considering removing this and just hard coding mirror://goproxy
> >>> # below, so please do not rely on it.
> >>> :
Title: Deprecation and removal of legacy X11 input drivers.
Author: Piotr Karbowski
Posted: 2020-04-02
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: x11-drivers/xf86-input-mouse
Display-If-Installed: x11-drivers/xf86-input-keyboard
The Gentoo X11 Team is announcing the deprecation and
On Wed, Apr 01, 2020 at 04:14:48PM -0400, Michael Orlitzky wrote:
> On 4/1/20 4:03 PM, Samuel Bernardo wrote:
> >
> > Couldn't security issue in a Go library be solved with keyword mask and
> > announce in portage?
>
> If there's an ebuild for the library, then yeah, you've got the right
>
Hi Robin,
On 4/1/20 11:07 PM, Robin H. Johnson wrote:
>>> # I am considering removing this and just hard coding mirror://goproxy
>>> # below, so please do not rely on it.
>>> : "${_GOMODULE_GOPROXY_BASEURI:=mirror://goproxy/}"|
>> So, go-module.eclass provides a good base to follow SRP pattern
On Wed, Apr 01, 2020 at 12:50:56PM +0100, Samuel Bernardo wrote:
> Hi Robin,
>
> On 4/1/20 6:36 AM, Robin H. Johnson wrote:
> > Samuel:
> > I already proved that using go-module.eclass EGO_SUM it will NOT use Git
> > repositories, and all of the fetching will happen long before
> > src_unpack.
On 4/1/20 4:03 PM, Samuel Bernardo wrote:
>
> Couldn't security issue in a Go library be solved with keyword mask and
> announce in portage?
If there's an ebuild for the library, then yeah, you've got the right
idea. But with the Go eclasses, there are no ebuilds for any of the
dependencies.
Hi Michael,
On 4/1/20 6:01 PM, Michael Orlitzky wrote:
> On 4/1/20 11:49 AM, Alec Warner wrote:
>> Imagine a common dep (CommonFoo-x-y-z)
>> has a security problem, so we must upgrade to CommonFoo-y-z. In the
>> scenario where CommonFoo is a dynamically linked package we can
>> recompile it
> "UM" == Ulrich Mueller writes:
UM> So, removal of the package seems to be the only option that makes sense,
UM> unless we would downgrade to that old version.
Agreed. Cest la vie.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
Hi Alec,
Really great reading about packaging and the current challenges. This
would be great to be posted in Gentoo blog!
---
To all community:
I would like to commend the know how of Gentoo community and their
principles.
I would like to evidence relatively to other distributions some
On 4/1/20 11:49 AM, Alec Warner wrote:
> Imagine a common dep (CommonFoo-x-y-z)
> has a security problem, so we must upgrade to CommonFoo-y-z. In the
> scenario where CommonFoo is a dynamically linked package we can
> recompile it once[4] and new consumers will just use the new dynamic
> shared
On Wed, Apr 1, 2020 at 5:14 AM Samuel Bernardo <
samuelbernardo.m...@gmail.com> wrote:
> Hi Robin,
> On 4/1/20 6:36 AM, Robin H. Johnson wrote:
>
> Normally we don't bundle dependencies, avoiding that problem entirely.
> The Go eclasses however are badly designed, committed against protest by
>
> On Tue, 31 Mar 2020, Ulrich Mueller wrote:
> I've sent an e-mail message upstream, asking for confirmation that 10.24
> can be used, copied, modified, and/or distributed freely.
This is the answer from upstream (posted here with permission):
| The license on https://dn-works.com/ufas/ is
Hi Robin,
On 4/1/20 6:36 AM, Robin H. Johnson wrote:
>> Normally we don't bundle dependencies, avoiding that problem entirely.
>> The Go eclasses however are badly designed, committed against protest by
>> paid corporate interests, and serve only to facilitate large-scale
>> copyright
Hi Robin,
On 4/1/20 6:36 AM, Robin H. Johnson wrote:
> Samuel:
> I already proved that using go-module.eclass EGO_SUM it will NOT use Git
> repositories, and all of the fetching will happen long before
> src_unpack. Why do you persist with your statement to the contrary?
Sorry my
On Wed, 2020-04-01 at 05:36 +, Robin H. Johnson wrote:
> On Tue, Mar 31, 2020 at 09:18:32PM -0400, Michael Orlitzky wrote:
> > On 3/31/20 8:48 PM, Samuel Bernardo wrote:
> > > My question started with the network sandbox issue when we need to load
> > > external code dependencies. For example,
On 4/1/20 1:36 AM, Robin H. Johnson wrote:
> mjo: Can you please substantiate your claims?
>
> It would have been nice to have heard your concerns during February, any
> of one the three times that William and I posted the go-module.eclass
> EGO_SUM development work for review on this mailing
> "UM" == Ulrich Mueller writes:
UM> I've sent an e-mail message upstream, asking for confirmation that 10.24
UM> can be used, copied, modified, and/or distributed freely.
cool. i hope useful info results.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
23 matches
Mail list logo
