| 1 |
Il giorno gio, 20/01/2011 alle 21.35 +0100, Matti Bickel ha scritto: |
| 2 |
> On 01/20/2011 08:42 PM, Diego Elio Pettenò wrote: |
| 3 |
> No. Licenses are not a valid argument to me. I'd accept that if we're |
| 4 |
> Debian and pushing 100% of *our* stuff as binary. What we do 90% of the |
| 5 |
> time is distributing text - ebuilds. |
| 6 |
|
| 7 |
So I'm not asking _you_ to waste 90% of your time discussing and |
| 8 |
auditing licenses. We have a team for that. |
| 9 |
|
| 10 |
At the same time I'm not going to ask the developers to all evaluate |
| 11 |
case by case whether they should or shouldn't keep their stuff |
| 12 |
available. I'm telling them to put it there rather than in another |
| 13 |
place; what that will change shouldn't really be a problem. |
| 14 |
|
| 15 |
> I just was curious about the reasons, as I see no |
| 16 |
> compelling point in *forcing* this. |
| 17 |
|
| 18 |
The reason to *force* this is two fold: we need a policy so that we stop |
| 19 |
the fact that everybody does as he pleases and this is replacing a |
| 20 |
_different_ forcing that we _used_ to have, and which I'm not surprised |
| 21 |
you didn't hear about, that told developers to use mirror://gentoo/. |
| 22 |
|
| 23 |
Which is unfortunately troublesome *as Ulrich and Christian already |
| 24 |
shown*. |
| 25 |
|
| 26 |
And since in Gentoo we cannot simply scratch rules, as otherwise people |
| 27 |
will keep referencing them forever and ever, a new rule replaces the old |
| 28 |
rule: you use dev.gentoo.org rather than mirror://gentoo/. |
| 29 |
|
| 30 |
> Take php-5.3.2: I don't care if you found a security issue in my tarball |
| 31 |
> or in php's tarball. I'll have a look to determine if the bug's still in |
| 32 |
> the newest version. If it is, I'll rename the bug. If it is not, it |
| 33 |
> doesn't matter to me. |
| 34 |
|
| 35 |
You might not care. I would, and it's not just a matter of being the |
| 36 |
current QA lead in charge, but rather a question of professionalism. If |
| 37 |
I would find you or another developer to have introduced a backdoor in a |
| 38 |
custom tarball, I'm going to have said developer booted, quickly. |
| 39 |
|
| 40 |
Again, you might not care, we have other teams that do care. Since I'm |
| 41 |
not asking you to do a 180° jump changing your habits, can we please |
| 42 |
just agree that you don't see the point but you'll follow the request |
| 43 |
anyway? |
| 44 |
|
| 45 |
-- |
| 46 |
Diego Elio Pettenò — Flameeyes |
| 47 |
http://blog.flameeyes.eu/ |
Archives