1 |
On Sat, 17 Dec 2005 23:27:32 -0800 Brian Harring <ferringb@g.o> |
2 |
wrote: |
3 |
| To head off the "don't make features that are easily screwed up", |
4 |
| this isn't one of them- this is expecting code to behave correctly |
5 |
| from the path standpoint. |
6 |
|
7 |
Hrm, so will we be allowing spaces in package and category names too? |
8 |
|
9 |
| > I don't want to introduce any signing requirements that we don't |
10 |
| > have already. When signing for everything else becomes mandatory, |
11 |
| > signing for news would be too. If I make this a 'must', someone |
12 |
| > will ask me to specify how we're handling the Gentoo keyring... |
13 |
| |
14 |
| Pawn the keyring off on others. The issues isn't an established |
15 |
| trust ring, it's required signing- yes, a trust ring makes things a |
16 |
| helluva lot easier on the user front, but it's useless without a |
17 |
| required signing policy. |
18 |
| |
19 |
| We've already had this conversation also btw, in the |
20 |
| beginning of glep42 iirc. Obviously I don't agree |
21 |
| with your reasoning "I'll do it when it's required I do it". It's |
22 |
| useful now, it becomes massively more useful when a trust ring is |
23 |
| available. |
24 |
|
25 |
Ok, how about I change it to "must", and add a note under Backwards |
26 |
Compatibility along the lines of: |
27 |
|
28 |
At the time of writing, there is no standardised mechanism for handling |
29 |
GPG signatures in Gentoo. Until such a mechanism exists, GPG signing |
30 |
cannot be considered mandatory. |
31 |
|
32 |
| > | > ``Revision:`` |
33 |
| > | > Initially 1. Incremented every time a non-trivial change is |
34 |
| > | > made. Changes which require a re-read of the news item should |
35 |
| > | > instead use a new news item file. Mandatory. |
36 |
| > | |
37 |
| > | non-trivial changes that don't require a re-read sounds like a |
38 |
| > | contradiction. Clarify, especially since portage will mark this |
39 |
| > | as read _once_ and only once. |
40 |
| > |
41 |
| > Hrm, word it as "Changes other than minor formatting tweaks", or |
42 |
| > remove "non-trivial"? |
43 |
| |
44 |
| It's not a wording thing, I'm pointing out sans spelling corrections |
45 |
| and trivial word mangling, any new info jammed in requires a new item |
46 |
| bump so readers can display the changes. |
47 |
| |
48 |
| In light of that, wording above needs correction. |
49 |
|
50 |
Ok, how's this? |
51 |
|
52 |
``Revision:`` |
53 |
Initially 1. Should be incremented every time a change is made to |
54 |
the news item. Changes that require a re-read of the news item (for |
55 |
example, most changes that are not spelling or formatting related) |
56 |
should instead use a new news item. Mandatory. |
57 |
|
58 |
| > | This isn't incredibly useful if ranged versions are ever |
59 |
| > | introduced. Ammending the glep for that seems stupid, looser |
60 |
| > | language might be wise. |
61 |
| > |
62 |
| > What's the syntax for ranged versions? And how do they differ from |
63 |
| > SLOT versions? |
64 |
| |
65 |
| >=kde-base/kde-libs-3.0 <=kde-base/kde-libs-4.0 |
66 |
| |
67 |
| It's not syntax as much as a boolean and of atoms. |
68 |
|
69 |
Hrm, ok. Wouldn't this resolve as true if you have kde-libs-2.0 and |
70 |
kde-libs-5.0 installed (assuming SLOTted kde-libs)? |
71 |
|
72 |
| > Once an hour would work fine. On the other hand, the merge is just |
73 |
| > copying a few small files -- time-wise, it's less than generating |
74 |
| > the cache for a couple of ebuilds. |
75 |
| |
76 |
| More then a couple; this beast will bloat up to hundred or so files |
77 |
| I'd expect (remember translation serves as a multiplier). |
78 |
|
79 |
Yup, but it's just a case of copying a few small text files. |
80 |
|
81 |
| Any signed item would need to be verified also, although fortunately |
82 |
| this chunk can be done in parallel to regen run. |
83 |
|
84 |
Hrm, is signing verification done for tree items? |
85 |
|
86 |
| > | You haven't stated how the 'package manager' will trigger the |
87 |
| > | user's reader of choice for these targets. Should also extend |
88 |
| > | this to allow a way to disable any news notices, lest someone's |
89 |
| > | cronjob get hung displaying news (feature or not, it's needed). |
90 |
| > |
91 |
| > The same way the package manager handles updating config files: it |
92 |
| > won't. It'll just tell the user that some news items need reading. |
93 |
| |
94 |
| And you'll personally handle all of the bug spam from feature |
95 |
| requests that --ask trigger $news_reader? |
96 |
| |
97 |
| It's a logical extension, thus people will ask for it. |
98 |
|
99 |
What does emerge --ask do currently for config files? |
100 |
|
101 |
| We expire updates? If so, someone might want to look at the updates |
102 |
| from 3 years back... |
103 |
|
104 |
Yes. Once a year, Seemant shows up and says "hey, does anyone ever |
105 |
expire really really old updates entries?". |
106 |
|
107 |
| > | > There is an existing automated tool [#forums-glsa]_ for posting |
108 |
| > | > GLSAs to the forums. A similar tool can be used for these news |
109 |
| > | > items. |
110 |
| > | |
111 |
| > | Pawned it off on someone, or something you'll be doing? |
112 |
| > |
113 |
| > Hopefully the former. I have it on reasonably good authority that it |
114 |
| > won't take more than half an hour if I end up having to do it |
115 |
| > though... |
116 |
| |
117 |
| Get cracking then (regardless if it's pawning or coding). |
118 |
|
119 |
Eh, that one can be left until the last minute. |
120 |
|
121 |
-- |
122 |
Ciaran McCreesh : Gentoo Developer (I can kill you with my brain) |
123 |
Mail : ciaranm at gentoo.org |
124 |
Web : http://dev.gentoo.org/~ciaranm |