| 1 |
Hey, |
| 2 |
|
| 3 |
I'm suggesting a new QA policy to disallow any "live-ebuild-only |
| 4 |
packages" being hosted in ::gentoo. Rationale being the same as why |
| 5 |
-9999 packages can't have KEYWORDS: They are unpredictable and |
| 6 |
potentially insecure. Unpredictability could mean upstream repo being |
| 7 |
broken at any given time placing users in an awkward situation, where |
| 8 |
they are able to build some packages while not the others. Upstream |
| 9 |
repo can also be force-pushed over. I feel like packages offered in |
| 10 |
::gentoo shouldn't have these issues, and the need to have at least one |
| 11 |
safe release available to users that's guaranteed to build. |
| 12 |
|
| 13 |
With Git-like VCS's becoming popular, it is super easy to create an |
| 14 |
unchanged snapshot based on a commit. Even devmanual encourages this |
| 15 |
with proper guide how-to: |
| 16 |
https://devmanual.gentoo.org/ebuild-writing/file-format/index.html#snapshots-and-live-ebuilds |
| 17 |
(https://devmanual.gentoo.org/keywording/index.html) |
| 18 |
|
| 19 |
We currently have 43 "live-ebuild-only" packages in tree. Out of those |
| 20 |
19 are totally unbuildable, that's 44 % of all packages present in the |
| 21 |
repo. Overall the maintenance of these live-ebuild-only packages looks |
| 22 |
low, there's only a handful of ebuilds that have good quality and no |
| 23 |
issues at all. 12 of them, 28 %, are still on EAPI-5. Of all 43, only 2 |
| 24 |
would require the maintainer to generate a tarball by themself, while |
| 25 |
others can utilize upstream's tagged releases, or ability to make a |
| 26 |
snapshot from a specific commit. Obviously if this policy passes, I'll |
| 27 |
be helping getting these packages keyworded. |
| 28 |
|
| 29 |
And finally here's an example how to introduce new packages to tree |
| 30 |
without upstream releases: |
| 31 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/rlottie?id=42873c46b7ed07d5b4f8af5fcf08d8549cb6385b |
| 32 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=2de52234783be909f6e4aed333533e6a804e8e6b |
| 33 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=8305f0c6cd0ce8cb5ac0f2d92569acce36a5cc0a |
| 34 |
etc... |
| 35 |
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=24c48b325dd5a22284d077d6581a1a45e397e511 |
| 36 |
|
| 37 |
If the only available version for a package doesn't build - or can't be |
| 38 |
guaranteed to build - then it should be last-rited, or not exist in |
| 39 |
::gentoo repo at all. |
| 40 |
|
| 41 |
Some history and initiative: bug #713802 |
| 42 |
|
| 43 |
-- juippis |
Archives