List Archive: gentoo-council
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 07:53 Fri 09 Nov , Roy Marples wrote:
> On Thu, 2007-11-08 at 14:25 -0800, Donnie Berkholz wrote:
> > Here is the summary from today's council meeting. The complete log will
> > show up at http://www.gentoo.org/proj/en/council/ shortly.
> > Baselayout-2: uberlord will continue to maintain it
> > ---------------------------------------------------
> > lu_zero asked whether we had anything to do about baselayout-2 since
> > uberlord resigned. He's continuing to maintain it in a git repository
> > and will remain upstream for it. More details will emerge over time.
> > kingtaco raised the question of trusting external releases and hosts.
> > Some responses suggested that using git may prevent the malicious
> > host,
> > because of the possibility of GPG-signed tags. He mentioned the
> > possibility of the infra team hosting Gentoo-critical repositories
> > with
> > access by non-Gentoo developers. It's just an idea at this point, but
> > he's going to talk to the rest of the infra team.
> They should be treated in the same way as any other package. Or do you
> trust a gentoo dev MORE than say a gcc/glibc/kernel/bash/foo dev? If so,
> More to the point, if said dev then joins Gentoo, do you implicitly
> trust that dev more?
I brought up that point during the meeting, if you read the log you'll
see it. =)
> As I've gone the other way, do you now trust me less? I'd like to know
> why also :)
I don't hold this opinion, but people could bring up later resentment at
Gentoo for not being able to get your way, etc.
I think we successfully directed any paranoia away from you and in the
direction of whether wherever a git repo would get hosted is less
trustable than Gentoo infra.
Could you tell us a bit about what you're thinking for where to host the
firstname.lastname@example.org mailing list