| 1 |
On Sun, Aug 10, 2003 at 10:39:14PM +0000 or thereabouts, Tavis Ormandy wrote: |
| 2 |
> Hey, please find attached a glep proposal for a Gentoo.org Finger |
| 3 |
> Daemon in docutils text. |
| 4 |
|
| 5 |
OK, I guess this one is an infrastructure GLEP to approve/reject. I'd also |
| 6 |
like to get input from seemant as the devrel manager. |
| 7 |
|
| 8 |
I have security concerns about running fingerd, but I can see how the |
| 9 |
benefits outweigh the risks in this case. However, there are still several |
| 10 |
areas that I don't see being addressed by this GLEP: |
| 11 |
|
| 12 |
1) We already suffer from what I call "information sprawl" right now, |
| 13 |
meaning we have the same information spread out across multiple places, |
| 14 |
with no one place being the "master repository". The net result of this is |
| 15 |
that users have to hunt through multiple repositories to try to find out |
| 16 |
which one the developer chose to use for their particular query. |
| 17 |
|
| 18 |
What ensures that the data available via fingerd will be a) complete |
| 19 |
(meaning how will you ensure all developers participate) and b) up-to-date? |
| 20 |
IMO, we need to identify one master source of information and *ensure* that |
| 21 |
is used and kept up-to-date. If we want to provide multiple avenues to |
| 22 |
access that info, that's fine, but we need one database, not multiple ones. |
| 23 |
|
| 24 |
2) Tangental to the issue above, we've already talked about placing things |
| 25 |
like GPG keys on the web site in XML format and pulling the other info (dev |
| 26 |
name, location, projects, etc.) in via XML as well. Why is the fingerd |
| 27 |
solution a better one? Items on the web site are updated hourly. I can't |
| 28 |
think of too many cases where that type of freshness isn't timely enough. |
| 29 |
|
| 30 |
--kurt |
Archives