On 2020.04.07 09:48, Ulrich Mueller wrote:
> >>>>> On Tue, 07 Apr 2020, Samuel Bernardo wrote:
>
> > No assurance is also a level that takes place in the lower ranking
> > level. If someone needs to use zoom because they are demanded by their
> > boss I think that would be even more useful to know that it is possible
> > to install zoom in Gentoo and that is rated as the worst possible
> > software. Maybe this would allow others to join our zoom claim...
>
> We could add a README.gentoo file with our caveats. It won't be perfect,
> but maybe better than nothing. (And certainly better than displaying a
> warning on every upgrade, which will eventually annoy people [1].)
>
> Any suggestions for a wording?
>
> Ulrich
>
>
> [1] https://bugs.gentoo.org/416769
>

Team,

Just 'No.'

It's not useful to anyone to single out a single binary only package
for special treatment.

Let's compare zoom to firefox-bin as a worked example.
Nobody except Mozilla knows what's in firefox-bin. Gentoo doesn't build
it, it's the official Mozilla binary build.
Mozilla distribute source code too. There is no assurance that they are
the sources used to build firefox-bin.
Over the years Firefox has had its share of CVEs.

How is firefox-bin any different to zoom?

I've only selected firefox-bin as a worked example. There are other
binary packages in ::gentoo in the same boat. They all need to be
treated consistently.

Then there is the question of the liability exposure. There are two
prongs to this.
a) any advice will be incomplete and/or out of date. That will damage
trust.
b) one day, it will be plain wrong and zoom or whoever will get very
upset and be able to prove it.

It's OK to publish advice based on beliefs or opinions, there is no
requirement for beliefs or opinions to be based on fact but we are not
discussing beliefs or opinions here.

In summary, we can't be sure of our facts.
We can't be sure that any warning is complete and correct.
Gentoo must not single out any package for special treatment.

--
Regards,

Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods
arm64