1 |
On Saturday 24 June 2006 18:54, Edward Catmur wrote: |
2 |
> * Security (from malicious contributors): Glad to see layman will only |
3 |
> track the reviewed/ tree; still, anyone who checks out the sunrise/ tree |
4 |
> (and has it in PORTDIR_OVERLAY) is vulnerable. |
5 |
> |
6 |
> - Remove from the examples any suggestion that one should check out the |
7 |
> whole tree when contributing. Point out that one should not svn up |
8 |
> sunrise/ as part of updating Portage. |
9 |
|
10 |
valid point i think |
11 |
|
12 |
ive never admined svn repos before, but would it be possible to shut off anon |
13 |
access to the non-reviewed tree ? i think that would cover this issue as |
14 |
people who get bit by bugs in the non-reviewed tree would (and should) be |
15 |
able to just go in and fix it themselves :) |
16 |
|
17 |
> * Conflicts between contributors (social): Alice adds an ebuild; Bob |
18 |
> makes a (maybe "obvious") change; Alice thinks the change is incorrect, |
19 |
> and, feeling that the ebuild is her property, reverts the change. A |
20 |
> revert war erupts. Many casualties. |
21 |
> |
22 |
> - Create a social structure to enable Alice and Bob to communicate and |
23 |
> resolve their differences of opinion. Forums? Wiki? IRC? Bugzilla? I |
24 |
> would argue there should be One True location for this to occur; /not/ |
25 |
> bugzilla (bugspam); /not/ IRC (impermanence). |
26 |
|
27 |
revert wars are retarded on the base level. if people are unable to solve |
28 |
issues via communication channels, i'd say just toss the people involved and |
29 |
the material in question. |
30 |
-mike |