On Sun, 2024-04-07 at 16:48 +0200, Michał Górny wrote: > > So, what you're basically saying, is that the best Gentoo response right > now would be to frantically remove LZMA support everywhere? I'm sure > that would be so much better than our response of masking vulnerable > versions and issuing a statement. >
Only in the sense that people who park their cars in the bike lane are basically Hitler. This really has nothing to do with the xz thing. The timing was funny, that's all. What I am saying is that I want the freedom to not have things pointlessly enabled on my systems, because similar problems (and worse) happen all day every day. The less exposure I have, the better. The liblzma backdoor was timely because it will prevent most people from telling me I'm being paranoid, but it could have been USE=anything on any other day. Moving the defaults out of the high-level profiles will give control back to the user, hence my complaint about it.
