1 |
Hey, |
2 |
|
3 |
I'm suggesting a new QA policy to disallow any "live-ebuild-only |
4 |
packages" being hosted in ::gentoo. Rationale being the same as why |
5 |
-9999 packages can't have KEYWORDS: They are unpredictable and |
6 |
potentially insecure. Unpredictability could mean upstream repo being |
7 |
broken at any given time placing users in an awkward situation, where |
8 |
they are able to build some packages while not the others. Upstream |
9 |
repo can also be force-pushed over. I feel like packages offered in |
10 |
::gentoo shouldn't have these issues, and the need to have at least one |
11 |
safe release available to users that's guaranteed to build. |
12 |
|
13 |
With Git-like VCS's becoming popular, it is super easy to create an |
14 |
unchanged snapshot based on a commit. Even devmanual encourages this |
15 |
with proper guide how-to: |
16 |
https://devmanual.gentoo.org/ebuild-writing/file-format/index.html#snapshots-and-live-ebuilds |
17 |
(https://devmanual.gentoo.org/keywording/index.html) |
18 |
|
19 |
We currently have 43 "live-ebuild-only" packages in tree. Out of those |
20 |
19 are totally unbuildable, that's 44 % of all packages present in the |
21 |
repo. Overall the maintenance of these live-ebuild-only packages looks |
22 |
low, there's only a handful of ebuilds that have good quality and no |
23 |
issues at all. 12 of them, 28 %, are still on EAPI-5. Of all 43, only 2 |
24 |
would require the maintainer to generate a tarball by themself, while |
25 |
others can utilize upstream's tagged releases, or ability to make a |
26 |
snapshot from a specific commit. Obviously if this policy passes, I'll |
27 |
be helping getting these packages keyworded. |
28 |
|
29 |
And finally here's an example how to introduce new packages to tree |
30 |
without upstream releases: |
31 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/rlottie?id=42873c46b7ed07d5b4f8af5fcf08d8549cb6385b |
32 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=2de52234783be909f6e4aed333533e6a804e8e6b |
33 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=8305f0c6cd0ce8cb5ac0f2d92569acce36a5cc0a |
34 |
etc... |
35 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=24c48b325dd5a22284d077d6581a1a45e397e511 |
36 |
|
37 |
If the only available version for a package doesn't build - or can't be |
38 |
guaranteed to build - then it should be last-rited, or not exist in |
39 |
::gentoo repo at all. |
40 |
|
41 |
Some history and initiative: bug #713802 |
42 |
|
43 |
-- juippis |