| 1 |
Richard Freeman <rich0@g.o> said: |
| 2 |
> AllenJB wrote: |
| 3 |
> > All that's going to happen is Gentoo will have many many buggy and |
| 4 |
> > out of date packages in the MAIN TREE. Exactly where they shouldn't |
| 5 |
> > be. You claim quality won't be sacrificed, but I simply can't see |
| 6 |
> > this without any attempt to solve the manpower issues first. |
| 7 |
> > |
| 8 |
> > Isn't the purpose of this project already somewhat covered by |
| 9 |
> > Sunrise? |
| 10 |
> |
| 11 |
> I have to agree with your points. We need to have quality standards |
| 12 |
> for packages. Currently we have a couple of tiers: |
| 13 |
> |
| 14 |
> 1. Main tree - every ebuild has an official maintainer and gets prompt |
| 15 |
> security updates/etc. New features might get a little more stale, but |
| 16 |
> you aren't going to be running at risk if you only use the main tree |
| 17 |
> and routinely emerge -u world. If a package falls behind on security |
| 18 |
> it gets masked and booted. |
| 19 |
> |
| 20 |
> 2. Overlays - you're on your own and at the general mercy of the |
| 21 |
> overlay maintainer. |
| 22 |
> |
| 23 |
> 3. Sunrise (just a special case of an overlay) - somewhere in-between. |
| 24 |
> Again, you have to opt-in. |
| 25 |
> |
| 26 |
|
| 27 |
AFAIK, we have never explicitly made this distinction clear. if we had, we |
| 28 |
would have to remove stuff from portage which doesnt live up to the |
| 29 |
standards. |
| 30 |
|
| 31 |
it is also not true from a more real world perspective: there are many |
| 32 |
packages in portage that have a standard which is much lower than what is |
| 33 |
in some overlays. and there are many packages in overlays which live up to |
| 34 |
a quality standard way above portage's average. |
| 35 |
|
| 36 |
if you want to exaggerate a bit, we have roughly 500 ebuilds in portage |
| 37 |
which are maintainer-needed and have only a few users and thats why you |
| 38 |
want to keep popular packages out of the tree? |
| 39 |
|
| 40 |
its weird, how this whole thing started with wanting to accomodate our |
| 41 |
users better and then other people come around and argue against it in |
| 42 |
order to protect our users... |
| 43 |
user who want protection run stable arch! |
| 44 |
|
| 45 |
given the current state of the tree, its hypocritical to be against this |
| 46 |
proposal, IMHO. |
| 47 |
|
| 48 |
however, one could try to implement the above quality standards, possibly |
| 49 |
by splitting up the tree. |
| 50 |
|
| 51 |
this issue, as well as some others very similar to this one, have come up |
| 52 |
many times before. I suggest we do something about it... (splitting the |
| 53 |
tree or moving more stuff wholesale into portage and have a better rating |
| 54 |
system... whatever) |
| 55 |
|
| 56 |
Fedora is a much more current distribution than Gentoo - and has been for |
| 57 |
a couple of years... |
| 58 |
|
| 59 |
regards |
| 60 |
Thilo |
| 61 |
|
| 62 |
> I think that we still need to have defined levels of quality, so if we |
| 63 |
> start putting unmaintained stuff in the main tree then we absolutely |
| 64 |
> need to preserve a mechanism for users to indicate what level of |
| 65 |
> quality they desire. Users running a typical install shouldn't |
| 66 |
> inadvertently have dependencies pulled in which aren't fully controlled |
| 67 |
> for security issues. |
| 68 |
> |
| 69 |
> Could something like sunrise be integrated into the main tree? Sure. |
| 70 |
> However, there would need to be lots of rules and QA checks like |
| 71 |
> non-sunrise packages not depending on sunrise packages and the sunrise |
| 72 |
> packages are somehow clearly marked. Maybe even an ACCEPT_QUALITY = |
| 73 |
> "good-luck-with-that" setting or something like that in make.conf. We |
| 74 |
> might also need tiered levels of security in cvs. I'm not convinced |
| 75 |
> that in the end it will be any better than just having those who are |
| 76 |
> interested add an overlay to their tree. |
| 77 |
> |
| 78 |
> Maybe a better option would be a way to make overlays more seamless. |
| 79 |
> Additionally we could have rating categories for overlays like |
| 80 |
> "security responsiveness," "currency with upstream," etc. The gentoo |
| 81 |
> project would ask overlays to declare their policies as a condition of |
| 82 |
> being accessible via the seamless interface, and would drop overlays if |
| 83 |
> they don't follow their policies. It would still be easy for users to |
| 84 |
> pick non-standard overlays but it would be clear that they are |
| 85 |
> venturing off on their own if they do this (just as is the case with |
| 86 |
> layman today). |
| 87 |
> |
| 88 |
> Sure, I'd love to see an extra 1000 supported packages in portage, but |
| 89 |
> the key is "supported", not just shoveled-in. |
Archives