| 1 |
On Fri, 2006-06-09 at 13:28 +0200, Carsten Lohrke wrote: |
| 2 |
> > we do support it security wise, we will be reacting upon security issues. |
| 3 |
> > We do have package.mask support in the overlay and we are going to use it. |
| 4 |
> > The ebuilds have a quality, repoman is required to be run. Also |
| 5 |
> > contributors should be knowing what they are doing - they are submitting an |
| 6 |
> > ebuild to the sunrise overlay, it needs to follow certain standards. |
| 7 |
> |
| 8 |
> See, I don't go over this bridge, that an overlay of arbitrary packages, with |
| 9 |
> varying skills and knowledge needed, can be decently controlled with very few |
| 10 |
> people caring and not having a security team backing you up. |
| 11 |
|
| 12 |
I couldn't agree more. With the entire security team, plus arch teams, |
| 13 |
plus package maintainers, plus arch testers, it is *still* a complex job |
| 14 |
to maintain security in the tree. However, this group thinks that |
| 15 |
without any backup support whatsoever, that they'll be able to maintain |
| 16 |
the security of a project with countless contributors of varying degrees |
| 17 |
of skill and proficiency in writing ebuilds, as well as the security of |
| 18 |
the packages themselves. |
| 19 |
|
| 20 |
-- |
| 21 |
Chris Gianelloni |
| 22 |
Release Engineering - Strategic Lead |
| 23 |
x86 Architecture Team |
| 24 |
Games - Developer |
| 25 |
Gentoo Linux |
Archives