| 1 |
Over the years we've had a fairly consistent stream of suggestions that |
| 2 |
we should open up the e-build maintaining process to users instead of |
| 3 |
just devs. The main arguments against it are the security issues and an |
| 4 |
expectation that it would add to developer workloads. The former is |
| 5 |
certainly a real problem, although signing (assuming a reasonable |
| 6 |
web-of-trust) could mitigate that some (at least we'd know who to |
| 7 |
blame). The latter, however, is conjecture, and the only good way to |
| 8 |
verify it would be to actually try it and see what happens. Oh, and |
| 9 |
there's also a very real fear that if things go horribly wrong, that |
| 10 |
Gentoo's reputation would suffer quite badly. Perhaps I'm naive, but I |
| 11 |
tend to think that if we were to advertise project sunrise as |
| 12 |
experimental, temporary, use-at-your-own-risk, and |
| 13 |
might-break-your-system, and even put it on hardware without a |
| 14 |
gentoo.org address and add a portage hook that warns whenever the |
| 15 |
project sunrise overlay is used, then our reputation isn't really likely |
| 16 |
to suffer even if it's a complete disaster. |
| 17 |
|
| 18 |
So, Chris, what have I failed to address that would make this a really |
| 19 |
bad idea? |
| 20 |
|
| 21 |
-g2boojum- |
| 22 |
-- |
| 23 |
Grant Goodyear |
| 24 |
Gentoo Developer |
| 25 |
g2boojum@g.o |
| 26 |
http://www.gentoo.org/~g2boojum |
| 27 |
GPG Fingerprint: D706 9802 1663 DEF5 81B0 9573 A6DC 7152 E0F6 5B76 |
Archives