List Archive: gentoo-council
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Thu, 2007-11-08 at 14:25 -0800, Donnie Berkholz wrote:
> Here is the summary from today's council meeting. The complete log will
> show up at http://www.gentoo.org/proj/en/council/ shortly.
> Baselayout-2: uberlord will continue to maintain it
> lu_zero asked whether we had anything to do about baselayout-2 since
> uberlord resigned. He's continuing to maintain it in a git repository
> and will remain upstream for it. More details will emerge over time.
> kingtaco raised the question of trusting external releases and hosts.
> Some responses suggested that using git may prevent the malicious
> because of the possibility of GPG-signed tags. He mentioned the
> possibility of the infra team hosting Gentoo-critical repositories
> access by non-Gentoo developers. It's just an idea at this point, but
> he's going to talk to the rest of the infra team.
They should be treated in the same way as any other package. Or do you
trust a gentoo dev MORE than say a gcc/glibc/kernel/bash/foo dev? If so,
More to the point, if said dev then joins Gentoo, do you implicitly
trust that dev more?
As I've gone the other way, do you now trust me less? I'd like to know
why also :)
At the end of the day, open source is about quite a bit of trust really,
regardless of who you are or who (if anyone) you're coding for at the
And as it may become an external project, it makes things easier to drop
it and say move to einit, init-ng or upstart which has been discussed
firstname.lastname@example.org mailing list