1 |
On Sun, Dec 18, 2005 at 04:52:23PM +0000, Ciaran McCreesh wrote: |
2 |
> On Sat, 17 Dec 2005 23:27:32 -0800 Brian Harring <ferringb@g.o> |
3 |
> wrote: |
4 |
> | To head off the "don't make features that are easily screwed up", |
5 |
> | this isn't one of them- this is expecting code to behave correctly |
6 |
> | from the path standpoint. |
7 |
> |
8 |
> Hrm, so will we be allowing spaces in package and category names too? |
9 |
|
10 |
No, due to atoms in *depend being seperated by whitespace. Wouldn't |
11 |
work without introducing escaping into it- beyond that the cat/pkg |
12 |
standard is in place already. |
13 |
|
14 |
Your repo_id however, is not, thus it's mallable. |
15 |
|
16 |
It's irrevelant either way- as I stated, your code *needs to be* space |
17 |
safe. Existing repo label'ing code in saviour _already_ allows spaces |
18 |
(it's just a fricking name), dissallowing spaces due to a concern that |
19 |
someone might screw up is daft. |
20 |
|
21 |
So... don't point at other things that are already set in stone and |
22 |
disallow spaces for their own reasons; state why it must be disallowed |
23 |
here, or merely state "I hate spaces". |
24 |
|
25 |
Like I said a couple of emails back, block spaces in repo_id if you |
26 |
like, either way the code involved has to be space safe for paths, so |
27 |
it's an arbitrary restriction... |
28 |
|
29 |
Dunno. Either way, path handling *must* be space safe anyways- if you |
30 |
restrict repo_id to lack spaces, your choice, still going to allow external |
31 |
aliasing of the repo_id to have spaces. |
32 |
|
33 |
|
34 |
> | > I don't want to introduce any signing requirements that we don't |
35 |
> | > have already. When signing for everything else becomes mandatory, |
36 |
> | > signing for news would be too. If I make this a 'must', someone |
37 |
> | > will ask me to specify how we're handling the Gentoo keyring... |
38 |
> | |
39 |
> | Pawn the keyring off on others. The issues isn't an established |
40 |
> | trust ring, it's required signing- yes, a trust ring makes things a |
41 |
> | helluva lot easier on the user front, but it's useless without a |
42 |
> | required signing policy. |
43 |
> | |
44 |
> | We've already had this conversation also btw, in the |
45 |
> | beginning of glep42 iirc. Obviously I don't agree |
46 |
> | with your reasoning "I'll do it when it's required I do it". It's |
47 |
> | useful now, it becomes massively more useful when a trust ring is |
48 |
> | available. |
49 |
> |
50 |
> Ok, how about I change it to "must", and add a note under Backwards |
51 |
> Compatibility along the lines of: |
52 |
> |
53 |
> At the time of writing, there is no standardised mechanism for handling |
54 |
> GPG signatures in Gentoo. Until such a mechanism exists, GPG signing |
55 |
> cannot be considered mandatory. |
56 |
|
57 |
And provisions for going back and signing everything that was _not_ |
58 |
signed while you delaying waiting for a keyring? |
59 |
|
60 |
That's why I'm pushing it. Mandate it as required now, keyring down |
61 |
the line just makes it more useful. Make it 'suggested' (which this |
62 |
is, you've changed nothing but words), you've left a mess that needs |
63 |
to be addressed when keyring comes about. |
64 |
|
65 |
Same scenario as before, think forward- force it from the get go, less |
66 |
crap to deal with down the line. Mandate it, no mess- just the |
67 |
pre-existing problem of getting a keyring collected. |
68 |
|
69 |
Delay it, keyring + going back and trying to get folk to re-sign their |
70 |
releases. That and any unsigned material released during that period |
71 |
cannot be verified, because we're waiting for a keyring. |
72 |
|
73 |
See the gains? Might be unpalatable, but it is the path of least work |
74 |
long term. |
75 |
|
76 |
|
77 |
> Ok, how's this? |
78 |
> |
79 |
> ``Revision:`` |
80 |
> Initially 1. Should be incremented every time a change is made to |
81 |
> the news item. Changes that require a re-read of the news item (for |
82 |
> example, most changes that are not spelling or formatting related) |
83 |
> should instead use a new news item. Mandatory. |
84 |
|
85 |
Works, thank you. |
86 |
|
87 |
|
88 |
> | > | This isn't incredibly useful if ranged versions are ever |
89 |
> | > | introduced. Ammending the glep for that seems stupid, looser |
90 |
> | > | language might be wise. |
91 |
> | > |
92 |
> | > What's the syntax for ranged versions? And how do they differ from |
93 |
> | > SLOT versions? |
94 |
> | |
95 |
> | >=kde-base/kde-libs-3.0 <=kde-base/kde-libs-4.0 |
96 |
> | |
97 |
> | It's not syntax as much as a boolean and of atoms. |
98 |
> |
99 |
> Hrm, ok. Wouldn't this resolve as true if you have kde-libs-2.0 and |
100 |
> kde-libs-5.0 installed (assuming SLOTted kde-libs)? |
101 |
|
102 |
Note I said boolean and. Resolution of that string *should* result |
103 |
in 3-4 via portage processing of it; doesn't handle it perfectly, but |
104 |
the reason I brought it up is that via limiting it to a single atom, |
105 |
you block (if/when) ranged versions. |
106 |
|
107 |
|
108 |
> | Any signed item would need to be verified also, although fortunately |
109 |
> | this chunk can be done in parallel to regen run. |
110 |
> |
111 |
> Hrm, is signing verification done for tree items? |
112 |
|
113 |
*If* a component was fully signed, verification prior to dissemination |
114 |
should occur. Reliant on a keyring to automate it however, plus some |
115 |
voodoo to make as much as possible go in parallel (so as not to |
116 |
overrun the window). |
117 |
|
118 |
|
119 |
> | > | You haven't stated how the 'package manager' will trigger the |
120 |
> | > | user's reader of choice for these targets. Should also extend |
121 |
> | > | this to allow a way to disable any news notices, lest someone's |
122 |
> | > | cronjob get hung displaying news (feature or not, it's needed). |
123 |
> | > |
124 |
> | > The same way the package manager handles updating config files: it |
125 |
> | > won't. It'll just tell the user that some news items need reading. |
126 |
> | |
127 |
> | And you'll personally handle all of the bug spam from feature |
128 |
> | requests that --ask trigger $news_reader? |
129 |
> | |
130 |
> | It's a logical extension, thus people will ask for it. |
131 |
> |
132 |
> What does emerge --ask do currently for config files? |
133 |
|
134 |
see email responding to marius about why etc-update and friends aren't |
135 |
the best example... |
136 |
|
137 |
Personally, I'm not much for triggering the news reader, but I'd |
138 |
expect folks will want a way to trigger the user's preferred reader. |
139 |
That's the crux of this question- you've bound this cruft into |
140 |
eselect, would assume there is a way to trigger the default reader |
141 |
(guessing at least). |
142 |
|
143 |
If there is some way to trigger whatever the default news reader is, |
144 |
then the --ask cruft can be ignored; just asking about something as |
145 |
simple as a symlink, so if the request comes up (it will, imo), it's |
146 |
doable rather then trying to go and modify the existing clients to |
147 |
support it. |
148 |
|
149 |
</ramble> |
150 |
|
151 |
~harring |