On 11/08/17 03:08, William L. Thomson Jr. wrote:
> Lets go down this rabbit hole.
Let's not.
--
Sam Jorna (wraeth)
GnuPG ID: D6180C26
signature.asc
Description: OpenPGP digital signature
On Thu, 10 Aug 2017 13:33:54 +1000
"Sam Jorna (wraeth)" wrote:
>
> This is no greater risk than syncing from a potentially compromised
> mirror. You would use a mirror you trust and, similarly (perhaps even
> more so) you would use a binhost you trust.
Getting a bit ridiculous now. Let me get my
On 10/08/17 11:42, William L. Thomson Jr. wrote:
> On Thu, 10 Aug 2017 10:50:45 +1000
> "Sam Jorna (wraeth)" wrote:
>
>> On 10/08/17 06:35, William L. Thomson Jr. wrote:
>>> FYI binpkgs have no hash. If someone did something malicious within
>>> the binhost to the binpkgs. You have no way of know
On 10/08/17 11:47, William L. Thomson Jr. wrote:
> On Thu, 10 Aug 2017 11:25:34 +1000
> "Sam Jorna (wraeth)" wrote:
>
>> On 09/08/17 10:43, William L. Thomson Jr. wrote:
>>> Also your redistributing another's package
>>> in binary format which may not be legally allowed.
>>
>> Just to clarify,
On Thu, 10 Aug 2017 11:25:34 +1000
"Sam Jorna (wraeth)" wrote:
> On 09/08/17 10:43, William L. Thomson Jr. wrote:
> > Also your redistributing another's package
> > in binary format which may not be legally allowed.
>
> Just to clarify, I wasn't suggesting redistributing license-encumbered
> p
On Thu, 10 Aug 2017 10:50:45 +1000
"Sam Jorna (wraeth)" wrote:
> On 10/08/17 06:35, William L. Thomson Jr. wrote:
> > FYI binpkgs have no hash. If someone did something malicious within
> > the binhost to the binpkgs. You have no way of knowing. Yes the
> > same can happen with ebuilds and manife
On 09/08/17 10:43, William L. Thomson Jr. wrote:
> Also your redistributing another's package
> in binary format which may not be legally allowed.
Just to clarify, I wasn't suggesting redistributing license-encumbered
packages. Since binary packages are managed by the system administrator,
not Gen
On 10/08/17 06:35, William L. Thomson Jr. wrote:
> FYI binpkgs have no hash. If someone did something malicious within the
> binhost to the binpkgs. You have no way of knowing. Yes the same can
> happen with ebuilds and manifest. But easy to sync portage and see if a
> manifest has changed.
This i
Just to clarify, the contenders for no binpkg would be the
following, potentially more.
- ebuilds that are fetch restricted
- ebuilds that installs files unchanged, like kernel sources
- Binary ebuilds, -bin, that just use src_install and do not build
anything
There may be some other cases,
On Wed, 9 Aug 2017 22:23:41 +0200
Francesco Riosa wrote:
> 2017-08-09 17:33 GMT+02:00 William L. Thomson Jr. :
>
> > On Wed, 9 Aug 2017 11:07:04 +1000
> > "Sam Jorna (wraeth)" wrote:
> >
> > > > What then is the benefit? If what is installed is the same from
> > > > package manager or binpkg. A
2017-08-09 17:33 GMT+02:00 William L. Thomson Jr. :
> On Wed, 9 Aug 2017 11:07:04 +1000
> "Sam Jorna (wraeth)" wrote:
>
> > > What then is the benefit? If what is installed is the same from
> > > package manager or binpkg. Also your redistributing another's
> > > package in binary format which ma
On Wed, 9 Aug 2017 11:07:04 +1000
"Sam Jorna (wraeth)" wrote:
> > What then is the benefit? If what is installed is the same from
> > package manager or binpkg. Also your redistributing another's
> > package in binary format which may not be legally allowed.
>
> The difference is that how the
On 09/08/17 10:43, William L. Thomson Jr. wrote:
> On Wed, 9 Aug 2017 10:29:40 +1000
> "Sam Jorna (wraeth)" wrote:
>
>> On 09/08/17 04:20, William L. Thomson Jr. wrote:
>>> On Tue, 8 Aug 2017 19:32:48 +0200
>>> Kristian Fiskerstrand wrote:
- You might be applying local patches through /e
On Wed, 9 Aug 2017 10:29:40 +1000
"Sam Jorna (wraeth)" wrote:
> On 09/08/17 04:20, William L. Thomson Jr. wrote:
> > On Tue, 8 Aug 2017 19:32:48 +0200
> > Kristian Fiskerstrand wrote:
> >> - You might be applying local patches through /etc/portage/patches
> >> that are distributed to all clie
On 09/08/17 04:20, William L. Thomson Jr. wrote:
> On Tue, 8 Aug 2017 19:32:48 +0200
> Kristian Fiskerstrand wrote:
>> - You might be applying local patches through /etc/portage/patches
>> that are distributed to all clients
>
> This might be the strongest reason. Though would only apply to stuf
> > On 08/08/2017 07:23 PM, William L. Thomson Jr. wrote:
> > >> it can already be controlled through env files.
> > > I was thinking it might, but having used them to skip other
> > > hooks. I was thinking they could not be used as such for binary
> > > packages. Have you confirmed such is p
On Tue, 8 Aug 2017 20:15:07 +0200
Kristian Fiskerstrand wrote:
> On 08/08/2017 08:10 PM, William L. Thomson Jr. wrote:
> >> I'm not sure explicitly about environment files, but it's an
> >> option to emerge. For instance, I've added this to my
> >> EMERGE_DEFAULT_OPTS to ensure none of the follo
On Tue, 8 Aug 2017 19:32:48 +0200
Kristian Fiskerstrand wrote:
> On 08/08/2017 07:23 PM, William L. Thomson Jr. wrote:
> > Can you think of any? I cannot see any operator wanting a binary of
> > a binary, or a package of sources. When they already have a
> > sources
>
> - The machine you're i
On 08/08/2017 08:10 PM, William L. Thomson Jr. wrote:
>> I'm not sure explicitly about environment files, but it's an option to
>> emerge. For instance, I've added this to my EMERGE_DEFAULT_OPTS to
>> ensure none of the following are built:
>>
>> --buildpkg-exclude "virtual/* sys-kernel/*-sources
On Tue, 8 Aug 2017 13:34:00 -0400
Ian Stakenvicius wrote:
> I'm not sure explicitly about environment files, but it's an option to
> emerge. For instance, I've added this to my EMERGE_DEFAULT_OPTS to
> ensure none of the following are built:
>
> --buildpkg-exclude "virtual/* sys-kernel/*-source
On 08/08/17 01:23 PM, William L. Thomson Jr. wrote:
> On Tue, 8 Aug 2017 19:11:18 +0200
> Kristian Fiskerstrand wrote:
>
>> it can already be controlled through env files.
>
> I was thinking it might, but having used them to skip other hooks. I
> was thinking they could not be used as such for b
On Tue, 8 Aug 2017 10:18:36 -0700
Rich Freeman wrote:
>
> Whether it belongs in the ebuild, or in metadata, is another matter.
The how, implementation, etc is not as important to me. I just think
there should be some means to prevent such. If there is not currently.
As mentioned there could be o
On 08/08/2017 07:23 PM, William L. Thomson Jr. wrote:
> Can you think of any? I cannot see any operator wanting a binary of a
> binary, or a package of sources. When they already have a sources
- The machine you're installing it on might not have internet access so
you want to have the files stor
On wto, 2017-08-08 at 10:18 -0700, Rich Freeman wrote:
> On Tue, Aug 8, 2017 at 10:11 AM, Kristian Fiskerstrand
> wrote:
> > On 08/08/2017 06:37 PM, William L. Thomson Jr. wrote:
> > > I make a lot of binaries for use on other systems, to expedite updates.
> > > It does not make sense for some pa
On Tue, 8 Aug 2017 19:11:18 +0200
Kristian Fiskerstrand wrote:
> On 08/08/2017 06:37 PM, William L. Thomson Jr. wrote:
> > I make a lot of binaries for use on other systems, to expedite
> > updates. It does not make sense for some packages to ever be a
> > binary package.
>
> Any particular re
On Tue, Aug 8, 2017 at 10:11 AM, Kristian Fiskerstrand wrote:
> On 08/08/2017 06:37 PM, William L. Thomson Jr. wrote:
>> I make a lot of binaries for use on other systems, to expedite updates.
>> It does not make sense for some packages to ever be a binary package.
>
> Any particular reason this d
On 08/08/2017 06:37 PM, William L. Thomson Jr. wrote:
> I make a lot of binaries for use on other systems, to expedite updates.
> It does not make sense for some packages to ever be a binary package.
Any particular reason this decision shouldn't be left to the operator of
the binhost rather than t
On Tue, Aug 8, 2017 at 12:37 PM, William L. Thomson Jr.
wrote:
>
> As most things I think this would require support in PMS, or next EAPI
> at minimum. But I think the EAPI comes from PMS, so they are related.
>
Actually, I'm not sure about this since it doesn't really affect what
is actually bui
I make a lot of binaries for use on other systems, to expedite updates.
It does not make sense for some packages to ever be a binary package.
Packages like -bin packages or gentoo-sources, which are just sources.
Having binary ebuilds of those is of no benefit. I can be the opposite
causing things
29 matches
Mail list logo