On Wednesday 20 June 2007, Olivier CrĂȘte wrote: > On Wed, 2007-20-06 at 18:28 -0400, Mike Frysinger wrote: > > On Wednesday 20 June 2007, Olivier CrĂȘte wrote: > > > On Wed, 2007-20-06 at 17:19 -0400, Mike Frysinger wrote: > > > > the use of the binpkg is not an issue, it's the creation ... people > > > > blindly creating tbz2's which could contain their sensitive files and > > > > posting them > > > > > > > > i'll just go ahead with the feedback from Olivier and have quickpkg > > > > skip CONFIG_PROTECT by default > > > > > > This will by default create potentially broken packages (since many > > > just wont work without their CONFIG_PROTECTed files). That's why I > > > suggested a big fat warning and accepting that we can't protect users > > > against themselves or against social engineering (aka their own > > > stupidity). > > > > i think this would only be an issue where quickpkg is being run > > non-interactively and the output not being reviewed (which i also dont > > think is a common scenario for quickpkg) ... the new output of quickpkg > > will be explicit in what it is (or isnt) doing so there wont be any issue > > of "drive by" social engineering > > Well, I often use quickpkg when I want to try a new version of a package > (I quickpkg the currently installed one.. and I want to keep all the > config files). Then I emerge the new one, and I absolutely want to be > able to restore the config files if I want to revert to an older > version, either because they have been broken by the pkg_postinst or > something else. I still haven't heard a good reason to change anything > thats not the printing in quickpkg.
i didnt say i was going to be disallowing this, i said i'd be making it no longer the default behavior ... what you want to do will still be perfectly possible > > as for dubbing people who are successfully socially engineered "stupid", > > i dont really think that's appropriate ... consider noobs on irc in > > #gentoo who just want to help and havent learned their way around yet. > > are they stupid (well they might be, but lets give them the benefit of > > the doubt) ? i'd liken the situation to a kid growing up ... kids arent > > stupid, they lack experience and calling them stupid isnt constructive > > I'm not calling anyone stupid... but I'm talking of our inner stupidity > (which we all have)... ah, zen stupidity -mike
signature.asc
Description: This is a digitally signed message part.
