On Fri, 2006-06-09 at 13:28 +0200, Carsten Lohrke wrote:
> > we do support it security wise, we will be reacting upon security issues.
> > We do have package.mask support in the overlay and we are going to use it.
> > The ebuilds have a quality, repoman is required to be run. Also
> > contributors should be knowing what they are doing - they are submitting an
> > ebuild to the sunrise overlay, it needs to follow certain standards.
>
> See, I don't go over this bridge, that an overlay of arbitrary packages, with
> varying skills and knowledge needed, can be decently controlled with very few
> people caring and not having a security team backing you up.

I couldn't agree more. With the entire security team, plus arch teams,
plus package maintainers, plus arch testers, it is *still* a complex job
to maintain security in the tree. However, this group thinks that
without any backup support whatsoever, that they'll be able to maintain
the security of a project with countless contributors of varying degrees
of skill and proficiency in writing ebuilds, as well as the security of
the packages themselves.

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux