On Thu, 27 Apr 2017 12:58:23 +0200
Dirkjan Ochtman wrote:
> I also want to drop the following:
>
> - dev-lang/erlang
It'd be great if whoever takes over maintainership of erlang could also
take care of dev-util/rebar. Dirkjan is currently proxying it for me,
but I don't use it anymore. (In fact
;ve never
had any issues compiling vanilla-sources with my hardened gcc.
Regards,
Luis Ressel
pgpcIzUTAKWA0.pgp
Description: OpenPGP digital signature
ng them if there's already an update pending?
I'm generating metadata locally. There are changes to some of the more
important eclasses roughly every other week; and after such a change,
the regen takes 10-25 minutes on my hardware.
I don't understand your question (3).
Regards
27;t encountered any problems after switching on my own hosts.
Just keep in mind that vanilla-sources doesn't support the PaX xattrs
properly (AFAIR), so if you ever want to switch *back* from vanilla to
hardened, some pax markings will be missing. This shouldn't be an issue
for
o this, there are no open bugs.
@aidecoe: CC'ing you as the maintainer of rebar.eclass.
Cheers,
Luis Ressel
27;t a member of the portage
group.
By the way, the herds.xml file is still available at
https://api.gentoo.org/packages/herds.xml and can probably be removed
from there as well.
--
Regards,
Luis Ressel
pcre
* nginx_modules_http_image_filter -> gd
Introduce new USE flags for the remaining few modules -- voilĂ , there
you go, no need for a new USE_EXPAND and the users will even get a
useful set of default modules enabled based on their global USE flags.
--
Luis Ressel
On Tue, 9 Feb 2016 11:34:12 +1300
Kent Fredric wrote:
> nginx_modules_http_lua? ( !luajit? ( dev-lang/lua:0= ) luajit?
> ( dev-lang/luajit:2= ) )
This should of course also be changed to the global 'lua' useflag.
Currently, you're even mixing NGINX_MODULES and normal USE flags here
for m
t?
> Because NGINX is monolithic, but its sources are aggregated from a
> bunch of different authors for some fun reason, sort of like having a
> `linux-kernel` ebuild with a SRC_URI for every single vendor name (
> *barf* )
>
> I really do not envy the nginx maintainer.
>
Me neither. @mrueg or whoever's the maintainer: Thanks for sparing the
rest of us from this insanity. :)
Regards,
Luis Ressel
USE's this way matters very
much. If enable geoip or ldap in my make.conf, I expect packages with
optional geoip/ldap support to enable this support.
Also, if you wish to document this mapping in more detail, that's
exactly what we have the tags in metadata.xml for. You can even
write whole sentences in there! :)
Regards,
Luis Ressel
t Changelogs are trying to avoid.
--
Regards,
Luis Ressel
pgpq6zs8rkL_V.pgp
Description: OpenPGP digital signature
package has been merged?
--
Regards,
Luis Ressel
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
pgpBC7jG9HFAG.pgp
Description: OpenPGP digital signature
erefore, I think we'd be better off providing such tests
out-of-band (test plans in the wiki), or perhaps stuffing them into
pkg_config().
Don't get me wrong, I'm not at all opposed to your idea of easing the
ATs' life, I'm just not convinced of the neccessity of EAPI change
repos,
too. (I don't really care about dtd and xml-schema, but for the other
two, I think this would make much sense.)
Currently, it looks like commits to xml-schema aren't signed at all,
all commits to glsa are signed, and commits to the other two repos are
partly signed.
Regards,
Luis Ressel
obably notice after a
while).
At the same time, I don't see any disadvantages to requiring commit
signatures; does anyone else?
Regards,
Luis Ressel
On Mon, 18 Feb 2013 23:27:46 +
"Robin H. Johnson" wrote:
> 3. Dedicated Gentoo signing subkey
What's the point of this, btw?
Luis
signature.asc
Description: PGP signature
On Wed, 20 Feb 2013 21:37:38 +
"Robin H. Johnson" wrote:
> Ideally keeping your primary key offline to increase security.
>
> However, the original theory was that if there was some attack that
> required a large amount of ciphertext or a targeted plaintext input,
> you would be limiting the
On Tue, 26 Feb 2013 17:10:56 +0700 (NOVT)
gro...@gentoo.org wrote:
> Hello *,
> I am stuck and have many questions.
> [In the process of becoming a dev, I've generated a gpg key, of course. It
> vwas on an old notebook. When I switched to a newer notebook, I forgot to
> copy it, because I don't
On Sat, 23 Mar 2013 10:52:00 +0100
Martin Dummer wrote:
> If I manage one day to achieve the gentoo dev status then I am willing
> to pick up maintainership of
>
> > app-laptop/nvidiabl
>
> but until then?
What about proxy-maintainership?
Luis
signature.asc
Description: PGP signature
ase is not directly comparable with virtual/mta:
We've got this for other packages to depend on it, at least that is my
understanding. In a case like this, a handbook entry should suffice.
Luis Ressel
signature.asc
Description: PGP signature
On Thu, 02 Jan 2014 11:10:54 -0500
Ian Stakenvicius wrote:
> ..or we could just do this, using the existing RESTRICT="mirror"
> that's already in ebuilds -- have a DISTDIR and a NODISTCACHEDIR,
> NODISTCACHEDIR defaults to DISTDIR; if RESTRICT="mirror" then
> distfiles are saved to NODISTCACHEDIR
On Fri, 3 Jan 2014 05:37:33 +1300
Kent Fredric wrote:
> Fair point. I was more seeing a pattern emerging and exploring where
> that might lead.
>
> Though I figure it a useful distinction for convenience sake.
>
> Consider if you wanted to archive some files to make a subsequent
> gentoo instal
On Thu, 2 Jan 2014 17:53:45 +0100
Ulrich Mueller wrote:
> RESTRICT is somewhat complementary to LICENSE and cannot provide as
> much information. Especially, RESTRICT="mirror" doesn't say under
> what license the restricted pieces are, and doesn't allow for
> ACCEPT_LICENSE filtering.
But is thi
On Thu, 02 Jan 2014 12:13:47 -0500
Ian Stakenvicius wrote:
> RESTRICT="fetch" requires the user to do their own fetching; since
> they're doing that, it should be pretty obvious that the distfile is
> restricted somehow. Of course, they are still able to do whatever
> they want, but I expect any
I've got an additional proposal: It would be interesting if this
feature could also make use of the LINGUAS var for selectively
filtering /usr/share/man and and /usr/share/locale, as most ebuilds
don't respect this variable natively.
--
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC
uplication of information,
but if it eases the implementation, that shouldn't be much of a problem.
But imho it'd be nice if this approach didn't require a separate config
entry for each language (that'd be 233 entries).
--
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC E
less the same time.
>
> Determinism results in more or less the same time, that's correct;
> proper benchmarks would show you a similar result.
I guess he means that the (according to the file sizes) extensive
caching doesn't seem to be of much use.
--
Luis Ressel
GPG fpr: F08
On Mon, 13 Jan 2014 16:46:08 +0100
Tom Wijsman wrote:
> On Mon, 13 Jan 2014 16:38:59 +0100
> Luis Ressel wrote:
>
> > On Mon, 13 Jan 2014 15:58:13 +0100
> > Tom Wijsman wrote:
> >
> > > Half a minute if you disable backtracking which you don't need
EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache"
+ cp -f "${tmp_file}"
"${EROOT}usr/$(get_libdir)/gdk-pixbuf-2.0/2.10.0/loaders.cache" &&
+ rm "${tmp_file}" # don't replace this with mv, required for SELinux
support
e
On Wed, 09 Apr 2014 22:34:07 +0200
Pacho Ramos wrote:
> mail-filter/bogofilter
If no dev wants it, I'll proxy-maintain it.
Regards,
Luis Ressel
signature.asc
Description: PGP signature
On Wed, 9 Apr 2014 22:48:55 +0200
Luis Ressel wrote:
> On Wed, 09 Apr 2014 22:34:07 +0200
> Pacho Ramos wrote:
>
> > mail-filter/bogofilter
>
> If no dev wants it, I'll proxy-maintain it.
Okay, that's obsolete now that johu stepped up...
Regards,
Luis Res
at all to run a separate postgres instance (upstream
is explicitly supporting it), I'd strongly recommend doing so even with
network-sandbox being disabled.
--
Regards,
Luis Ressel
signature.asc
Description: PGP signature
er, even with network-sandbox being enabled such
behaviour would still constitue a major bug which would be fixed by the
devs.
So yes, network-sandbox (and same goes for ipc-sandbox) is mainly a
debugging aid for developers which will help them spot such problems
more easily.
--
Regards
The kernel-2.eclass calls epatch_user, so AFAIK you don't have to
create a local ebuild copy in order to patch the kernel, just drop your
patches in /etc/portage/patches/sys-kernel/hardened-sources/.
Regards,
Luis Ressel
signature.asc
Description: PGP signature
such a virtual, why not just
let him do it?
Regards,
Luis Ressel
signature.asc
Description: PGP signature
"
The following REQUIRED_USE flag constraints are unsatisfied:
heimdal? ( !mit-krb5 ) mit-krb5? ( !heimdal )"
"
might be a bit confusing to some people, and remember that constraint
string would grow much longer if there were more providers, as grows
quadratically.
Regards,
Luis Ressel
signature.asc
Description: PGP signature
th the original workflow. Okay, perhaps
package.masking - is a bit uncommon and clutters package.mask, but
it's not all *that* bad and it eases the workflow.
Regards,
Luis Ressel
signature.asc
Description: PGP signature
t; media-libs/xine-lib or sys-fs/udev ebuilds does
>
> (It just seemed this was unclear to some replying in this thread.)
>
> - Samuli
>
>
Thanks for the clarification. This approach seems to be the optimum.
Regards,
Luis Ressel
signature.asc
Description: PGP signature
ABI change
Author: Luis Ressel
Poste
On Thu, 8 Jan 2015 09:16:36 -0600
William Hubbs wrote:
> Rich is correct, maintainers are no longer bound by the games team
> policy.
>
I didn't know this. If that's the case, I'd like to proxy-maintain
nethack. I'll try and prepare the neccessary
able rules in the netfiler FORWARD chain to ensure only
distcc gets through
4) Set up SNAT or MASQUERADE in netfilter's nat table
5) There you go!
This is beautiful because is doesn't require any userland proxies, but
of course, it would be difficult to set up in an automated fashion. So
my proposal would be just to stay with the status quo, and document the
above in the wiki for those who really want to use both network-sandbox
and distcc despite the hassle.
Regards,
Luis Ressel
On Thu, 26 Feb 2015 10:13:14 -0600
Alex Brandt wrote:
> # Alex Brandt (21 Feb 2015)
> # Upstream renamed to docker-compose for all future releases
> app-emulation/fig
>
Wouldn't a pkgmove be the better way to handle this?
--
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52B
theanfire
IIRC, just one or two months ago several of the sys-firmware/iwl*-ucode
packages were lastrited with the recommendation of using
sys-kernel/linux-firmware instead. So why are we adding new firmware
ebuilds now? The iwl7625 firmware seems to be in linux-firmware, too.
Regards,
Luis Ress
sensible security feature for which
implementations are available, for example grSecurity's TPE) -- well,
then the GCC won't be of any help for the attacker, because he can't
execute the compiled binary.
Not that it matters. :)
--
Luis Ressel
GPG fpr: F08D 2AF6 655E 25DE 52BC
repo, they were overwritten by
cbb7cfa sys-kernel/tuxonice-sources: Version bumps.
Was this intended? If not, @nerdboy: You might want to commit these
changes again.
Regards,
Luis Ressel
sasl, it uses gdbm if both gdbm and berkdb use flags are
enabled), but for ssl, we might want to specify "REQUIRED_USE = ^^
(..)" so it's possible to use USE dependencies in order to avoid
namespace conflicts. If there's no REQUIRED_USE,
"somelibrary[libressl]" might be satisfied even though somelibrary is
actually linked to openssl.
--
Regards,
Luis Ressel
place of forcing a regen of the Manifests
> after the ChangeLogs for the moment.
>
Why on earth are the ChangeLogs tracked in the Manifest at all? Aren't
they auto-generated by the rsync mirrors these days anyway? Manifests
are nice for DIST files, but tracking ChangeLogs seems a bit useless to
me.
Regards,
Luis Ressel
Only x11-libs/libfakekey and x11-libs/libxsettings-client are still
unmasked; both of them have additional maintainers, so nothing will
have to go to maintainer-neeeded@ when the GPE herd is disbanded.
By the way, x11-libs/libxsettings-client doesn't have any revdeps and
looks like it could be removed along with the other GPE stuff.
libfakekey still has some revdeps, though.
--
Luis Ressel
48 matches
Mail list logo
