On 9/12/19 1:43 PM, Mike Gilbert wrote:
> 
> They do "go away" if you pass the right options to emerge, or if you
> install it from a binpkg in the first place.
> 

The dependencies are statically linked into the final executable forever
and receive no security updates. Portage doesn't even know they're
there. Depclean doesn't do what you think it does in that case. (I'm
sure you personally understand how this works, but a regular user has no
idea that we've installed 100MB of vulnerable code on his machine and
have just abandoned it there.)
