Diego Elio Pettenò wrote: > > Problem #1 is that sci-geosciences/osgearth-2.4 depends on > > =dev-lang/v8-3.18.5.14 (see > > <https://bugs.gentoo.org/show_bug.cgi?id=484786> for context). It > > doesn't work with more recent v8, but it can be made to not depend on v8. > > If "made not to depend" means "bundle", is the bundled version any safer > than the ebuild there? If the answer is no, you're now increasing the > security issue.
Based on my previous impression I OTOH assumed that Paweł meant disabling use of v8, but since I don't use either package I didn't look at the bug. Your email made me more curious, and as Paweł wrote the bug gives plenty of context, among other things Paweł has attached a patch there to disable v8 in osgearth. I think it's commendable that he doesn't settle for simply masking osgearth along with v8. //Peter
