| 1 |
Hi Michael, |
| 2 |
|
| 3 |
On 4/19/20 9:09 PM, Michael Orlitzky wrote: |
| 4 |
> You can do whatever you want in an overlay, but you can't introduce |
| 5 |
> security vulnerabilities and license issues into thousands of peoples' |
| 6 |
> homes and businesses through ::gentoo because it makes your life a tiny |
| 7 |
> bit easier. |
| 8 |
> |
| 9 |
> The job description of distribution developer is, ultimately, to fix all |
| 10 |
> the dumb things that upstream does before packaging the result so that |
| 11 |
> your users get a consistent, usable, reliable, and secure product. But |
| 12 |
> the first step isn't optional. Re-packaging garbage is easy -- that's a |
| 13 |
> service nobody needs. |
| 14 |
> |
| 15 |
> Using ebuilds this way is also simply a waste of your time. If you're |
| 16 |
> not going to package the dependencies, then you're better off using the |
| 17 |
> upstream bundling tool. At least then you can update the hundreds of |
| 18 |
> bundled dependencies afterwards. With an ebuild that's not possible. |
| 19 |
I agree, I have the same concern and that's why I prefer to have an |
| 20 |
ebuild instead of using the docker container or running blindly the |
| 21 |
provided upstream bundling tool. Avoiding to package all unnecessary |
| 22 |
dependencies and keeping away the garbage can only be possible as you |
| 23 |
mentioned using the distribution tools. At least, with a Gentoo overlay, |
| 24 |
I can have software better than upstream provided and continue my work. |
| 25 |
> I don't mean to discourage you any more than necessary. I'm glad you |
| 26 |
> want to help. But please quit looking to Go as an example of anything |
| 27 |
> anyone should be doing. |
| 28 |
|
| 29 |
Thanks for your advice, but I believe that we win more with the ebuild |
| 30 |
for the development tools and base services, even if it will only be |
| 31 |
available in the overlay. Is better to have the eyes of experienced |
| 32 |
maintainers, Gentoo QA and sharing information, instead of keeping it |
| 33 |
standalone, perpetuating the bad procedures and software usage. |
| 34 |
|
| 35 |
I really feel like scoring when reviewing what I need to do for the |
| 36 |
ebuild, also when it makes me spent some more time. The profit comes |
| 37 |
afterwards! |
| 38 |
|
| 39 |
Best, |
| 40 |
Samuel |
Archives