| 1 |
On Sat, 17 Dec 2005 23:27:32 -0800 Brian Harring <ferringb@g.o> |
| 2 |
wrote: |
| 3 |
| To head off the "don't make features that are easily screwed up", |
| 4 |
| this isn't one of them- this is expecting code to behave correctly |
| 5 |
| from the path standpoint. |
| 6 |
|
| 7 |
Hrm, so will we be allowing spaces in package and category names too? |
| 8 |
|
| 9 |
| > I don't want to introduce any signing requirements that we don't |
| 10 |
| > have already. When signing for everything else becomes mandatory, |
| 11 |
| > signing for news would be too. If I make this a 'must', someone |
| 12 |
| > will ask me to specify how we're handling the Gentoo keyring... |
| 13 |
| |
| 14 |
| Pawn the keyring off on others. The issues isn't an established |
| 15 |
| trust ring, it's required signing- yes, a trust ring makes things a |
| 16 |
| helluva lot easier on the user front, but it's useless without a |
| 17 |
| required signing policy. |
| 18 |
| |
| 19 |
| We've already had this conversation also btw, in the |
| 20 |
| beginning of glep42 iirc. Obviously I don't agree |
| 21 |
| with your reasoning "I'll do it when it's required I do it". It's |
| 22 |
| useful now, it becomes massively more useful when a trust ring is |
| 23 |
| available. |
| 24 |
|
| 25 |
Ok, how about I change it to "must", and add a note under Backwards |
| 26 |
Compatibility along the lines of: |
| 27 |
|
| 28 |
At the time of writing, there is no standardised mechanism for handling |
| 29 |
GPG signatures in Gentoo. Until such a mechanism exists, GPG signing |
| 30 |
cannot be considered mandatory. |
| 31 |
|
| 32 |
| > | > ``Revision:`` |
| 33 |
| > | > Initially 1. Incremented every time a non-trivial change is |
| 34 |
| > | > made. Changes which require a re-read of the news item should |
| 35 |
| > | > instead use a new news item file. Mandatory. |
| 36 |
| > | |
| 37 |
| > | non-trivial changes that don't require a re-read sounds like a |
| 38 |
| > | contradiction. Clarify, especially since portage will mark this |
| 39 |
| > | as read _once_ and only once. |
| 40 |
| > |
| 41 |
| > Hrm, word it as "Changes other than minor formatting tweaks", or |
| 42 |
| > remove "non-trivial"? |
| 43 |
| |
| 44 |
| It's not a wording thing, I'm pointing out sans spelling corrections |
| 45 |
| and trivial word mangling, any new info jammed in requires a new item |
| 46 |
| bump so readers can display the changes. |
| 47 |
| |
| 48 |
| In light of that, wording above needs correction. |
| 49 |
|
| 50 |
Ok, how's this? |
| 51 |
|
| 52 |
``Revision:`` |
| 53 |
Initially 1. Should be incremented every time a change is made to |
| 54 |
the news item. Changes that require a re-read of the news item (for |
| 55 |
example, most changes that are not spelling or formatting related) |
| 56 |
should instead use a new news item. Mandatory. |
| 57 |
|
| 58 |
| > | This isn't incredibly useful if ranged versions are ever |
| 59 |
| > | introduced. Ammending the glep for that seems stupid, looser |
| 60 |
| > | language might be wise. |
| 61 |
| > |
| 62 |
| > What's the syntax for ranged versions? And how do they differ from |
| 63 |
| > SLOT versions? |
| 64 |
| |
| 65 |
| >=kde-base/kde-libs-3.0 <=kde-base/kde-libs-4.0 |
| 66 |
| |
| 67 |
| It's not syntax as much as a boolean and of atoms. |
| 68 |
|
| 69 |
Hrm, ok. Wouldn't this resolve as true if you have kde-libs-2.0 and |
| 70 |
kde-libs-5.0 installed (assuming SLOTted kde-libs)? |
| 71 |
|
| 72 |
| > Once an hour would work fine. On the other hand, the merge is just |
| 73 |
| > copying a few small files -- time-wise, it's less than generating |
| 74 |
| > the cache for a couple of ebuilds. |
| 75 |
| |
| 76 |
| More then a couple; this beast will bloat up to hundred or so files |
| 77 |
| I'd expect (remember translation serves as a multiplier). |
| 78 |
|
| 79 |
Yup, but it's just a case of copying a few small text files. |
| 80 |
|
| 81 |
| Any signed item would need to be verified also, although fortunately |
| 82 |
| this chunk can be done in parallel to regen run. |
| 83 |
|
| 84 |
Hrm, is signing verification done for tree items? |
| 85 |
|
| 86 |
| > | You haven't stated how the 'package manager' will trigger the |
| 87 |
| > | user's reader of choice for these targets. Should also extend |
| 88 |
| > | this to allow a way to disable any news notices, lest someone's |
| 89 |
| > | cronjob get hung displaying news (feature or not, it's needed). |
| 90 |
| > |
| 91 |
| > The same way the package manager handles updating config files: it |
| 92 |
| > won't. It'll just tell the user that some news items need reading. |
| 93 |
| |
| 94 |
| And you'll personally handle all of the bug spam from feature |
| 95 |
| requests that --ask trigger $news_reader? |
| 96 |
| |
| 97 |
| It's a logical extension, thus people will ask for it. |
| 98 |
|
| 99 |
What does emerge --ask do currently for config files? |
| 100 |
|
| 101 |
| We expire updates? If so, someone might want to look at the updates |
| 102 |
| from 3 years back... |
| 103 |
|
| 104 |
Yes. Once a year, Seemant shows up and says "hey, does anyone ever |
| 105 |
expire really really old updates entries?". |
| 106 |
|
| 107 |
| > | > There is an existing automated tool [#forums-glsa]_ for posting |
| 108 |
| > | > GLSAs to the forums. A similar tool can be used for these news |
| 109 |
| > | > items. |
| 110 |
| > | |
| 111 |
| > | Pawned it off on someone, or something you'll be doing? |
| 112 |
| > |
| 113 |
| > Hopefully the former. I have it on reasonably good authority that it |
| 114 |
| > won't take more than half an hour if I end up having to do it |
| 115 |
| > though... |
| 116 |
| |
| 117 |
| Get cracking then (regardless if it's pawning or coding). |
| 118 |
|
| 119 |
Eh, that one can be left until the last minute. |
| 120 |
|
| 121 |
-- |
| 122 |
Ciaran McCreesh : Gentoo Developer (I can kill you with my brain) |
| 123 |
Mail : ciaranm at gentoo.org |
| 124 |
Web : http://dev.gentoo.org/~ciaranm |
Archives