Lorenz (xha) <me@xha.li> wrote:

> On Thu, Jul 18, 2024 at 09:50:56AM -0600, Theo de Raadt wrote:
> > Lorenz (xha) <me@xha.li> wrote:
> > 
> > > On Thu, Jul 18, 2024 at 09:45:34AM -0600, Theo de Raadt wrote:
> > > > Lorenz (xha) <me@xha.li> wrote:
> > > > 
> > > > > the HARE_TD_<files> are the "typedef" files, basically the equivalent
> > > > > to C headers, but automatically generated by the compiler so we can
> > > > > do resolution of types/functions/etc. in dependencies without having
> > > > > to look at the source files themselves.
> > > > > 
> > > > > i doubt that anyone is ever going to make use of more than 125 imports.
> > > > > 
> > > > > the problem is that i cannot simply restict that to one folder. they
> > > > > could be anywhere (even though they are not usually). that'd complicate
> > > > > the patch a lot for... allowing more than 125 imports?
> > > > > 
> > > > > the error message will not be particularly hard to read; i guess if
> > > > > someone really hits the limit, we can do something about it then?
> > > > 
> > > > So tell us --- when someone hits that limit, what do they need to
> > > > do about it?
> > > > 
> > > > What do they do then?
> > > 
> > > modify this patch so it finds the common folder where the typedef
> > > files are in and unveil to it instead. that's what i would do.
> > 
> > 
> > 
> > You have not answered the question.
> > 
> > And by not answering it, you have not justified the use of unveil().
> 
> sorry, then i don't understand your question.

This change gets commited, and the package now does unveil.

A user on the internet finds out the package simply exits with a
message.

What do they do now?

The software is not fit for purpose.  You broke an actual use case.