On Thu, 2007-11-08 at 14:25 -0800, Donnie Berkholz wrote:
> Here is the summary from today's council meeting. The complete log will
> show up at http://www.gentoo.org/proj/en/council/ shortly.

> Baselayout-2: uberlord will continue to maintain it
> ---------------------------------------------------

> lu_zero asked whether we had anything to do about baselayout-2 since
> uberlord resigned. He's continuing to maintain it in a git repository
> and will remain upstream for it. More details will emerge over time.

> kingtaco raised the question of trusting external releases and hosts.
> Some responses suggested that using git may prevent the malicious host,
> because of the possibility of GPG-signed tags. He mentioned the
> possibility of the infra team hosting Gentoo-critical repositories with
> access by non-Gentoo developers. It's just an idea at this point, but
> he's going to talk to the rest of the infra team.

They should be treated in the same way as any other package. Or do you
trust a gentoo dev MORE than say a gcc/glibc/kernel/bash/foo dev? If so,
why?
More to the point, if said dev then joins Gentoo, do you implicitly
trust that dev more?

As I've gone the other way, do you now trust me less? I'd like to know
why also :)

At the end of the day, open source is about quite a bit of trust really,
regardless of who you are or who (if anyone) you're coding for at the
time.

And as it may become an external project, it makes things easier to drop
it and say move to einit, init-ng or upstart which has been discussed
before.

Thanks

Roy

--
gentoo-council@g.o mailing list