On Mon, Apr 17, 2023 at 02:28:22PM +0500, Anna (cybertailor) Vyalkova wrote: > On 2023-04-17 09:37, Florian Schmaus wrote: > > The EGO_SUM alternatives > > - do not have the same level of trust and therefore have a negative > > impact on security (a dubious tarball someone put somewhere, especially > > when proxy-maint)
I haven't read all of this thread yet, but I did speak with Sam last night, and I have another idea about this. - I still want to deprecate EGO_SUM, but I'm working in the background on reworking get-ego-vendor to generate the data that goes into src_uri directly. This would eliminate most of the processing in the eclass. That, however, doesn't remove the concern about big ebuilds and manifests. I will look at the remainder of the thread to figure out what is going on with that. William
signature.asc
Description: PGP signature
