package.mask (3880B)
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-06-04)
- # Last release (0.8.0) in 2009 with several known bugs
- # leading Gentoo to maintain a patchset.
- #
- # Also no releases since CVE-2016-8859 <https://www.openwall.com/lists/oss-security/2016/10/19/1>
- # > Multiple integer overflows in the TRE library and musl libc allow attackers
- # > to cause memory corruption via a large number of (1) states or (2) tags,
- # > which triggers an out-of-bounds write.
- dev-libs/tre
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-05-23)
- # Dropped by Debian maintainers who did the port from NetBSD to Linux
- # in favor of bmake
- # No gentoo maintainers either
- dev-build/pmake
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-05-06)
- # No trust in an allocator with such a broken buildsystem configuration.
- # https://queer.hacktivis.me/notice/AhcQTrlYbAHhVftkKu
- sys-libs/talloc
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-04-12)
- # No.
- app-admin/sudo
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-02-29)
- # Screw language-specific package managers, none of them do proper reviews
- # Only exceptions so far are the ones where packaging in gentoo is
- # either insane or incomplete such as:
- # - npm and others using npmjs.org
- # - dev-elixir/hex
- dev-python/pip
- dev-lua/luarocks
- dev-ml/opam
- dev-scheme/akku
- dev-util/conan
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-02-14)
- # Qt release pace for a chromium fork, effectively a forever:
- # Has security bugs don't use
- dev-qt/qtwebengine
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-01-30)
- # Non-uniform small-keyspace crackable passwords by default
- # See https://www.openwall.com/lists/oss-security/2012/01/17/5
- app-admin/pwgen
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-01-18)
- # Nobody should use imake anymore, X moved off from it in 2005.
- # https://lists.x.org/archives/xorg-announce/2024-January/003440.html
- x11-misc/imake
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2023-08-08)
- # https://www.roguelazer.com/blog/surprising-behavior-in-gnu-tar/
- app-arch/tar
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2023-07-25)
- # Dead upstream, known vulnerabilities (CVE-2021-42260)
- # Author switched to tinyxml2
- dev-libs/tinyxml
- # Haelwenn (lanodan) Monnier - 2023-07-09
- # Binaries
- dev-lang/go-bootstrap
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-02-03
- # No bootstrapping, would need a way to bootstrap dev-lang/fpc
- dev-lang/nim
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-01-30
- # No bootstrapping, you're supposed to download the blobs from npmjs.org
- # which isn't trustworthy
- dev-lang/typescript
- # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2018-12-27
- # Bloated, quite insecure (too much trust in other apps, more than paging)
- # alternative can be sys-apps/most, see virtual/pager for others
- sys-apps/less
- # https://www.audacityteam.org/about/desktop-privacy-notice/
- # TL;DR: Audacity is now a Surveillance application
- media-sound/audacity
- # Haelwenn (lanodan) Monnier - 2022-02-05
- # Unmaintained, last update in 2016, 2021 is because Arthur Zamarin of gentoo
- # made a small fork with few patches on top.
- # Also: https://zaitcev.livejournal.com/263602.html - PyPI is not trustworthy
- dev-python/nose
- # Haelwenn (lanodan) Monnier - 2022-06-02
- # Unmaintained, last tarball in 2010, last git update in 2015
- # Contains data like IANA which should be kept up-to-date regularly
- sys-apps/miscfiles
- # Haelwenn (lanodan) Monnier - 2022-07-11
- # Dead upsteam, last updated in 2003
- # Known security bugs, effectively vague fork by distros
- media-libs/id3lib
- # Haelwenn (lanodan) Monnier - 2022-07-11
- # Dead upsteam, last release in 2016
- media-sound/easytag
- # Haelwenn (lanodan) Monnier - 2022-08-30
- # Open-Core
- # https://github.com/danmar/cppcheck/commit/8f386e15fdedff37486c683d933ccc9a1e307388
- dev-util/cppcheck