Gentoo Archives: gentoo-dev

From: Brian Harring <ferringb@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] glep 42 (news) round six
Date: Sun, 18 Dec 2005 22:57:17
Message-Id: 20051218225207.GB10526@nightcrawler.e-centre.net
In Reply to: Re: [gentoo-dev] glep 42 (news) round six by Ciaran McCreesh
1 On Sun, Dec 18, 2005 at 04:52:23PM +0000, Ciaran McCreesh wrote:
2 > On Sat, 17 Dec 2005 23:27:32 -0800 Brian Harring <ferringb@g.o>
3 > wrote:
4 > | To head off the "don't make features that are easily screwed up",
5 > | this isn't one of them- this is expecting code to behave correctly
6 > | from the path standpoint.
7 >
8 > Hrm, so will we be allowing spaces in package and category names too?
9
10 No, due to atoms in *depend being seperated by whitespace. Wouldn't
11 work without introducing escaping into it- beyond that the cat/pkg
12 standard is in place already.
13
14 Your repo_id however, is not, thus it's mallable.
15
16 It's irrevelant either way- as I stated, your code *needs to be* space
17 safe. Existing repo label'ing code in saviour _already_ allows spaces
18 (it's just a fricking name), dissallowing spaces due to a concern that
19 someone might screw up is daft.
20
21 So... don't point at other things that are already set in stone and
22 disallow spaces for their own reasons; state why it must be disallowed
23 here, or merely state "I hate spaces".
24
25 Like I said a couple of emails back, block spaces in repo_id if you
26 like, either way the code involved has to be space safe for paths, so
27 it's an arbitrary restriction...
28
29 Dunno. Either way, path handling *must* be space safe anyways- if you
30 restrict repo_id to lack spaces, your choice, still going to allow external
31 aliasing of the repo_id to have spaces.
32
33
34 > | > I don't want to introduce any signing requirements that we don't
35 > | > have already. When signing for everything else becomes mandatory,
36 > | > signing for news would be too. If I make this a 'must', someone
37 > | > will ask me to specify how we're handling the Gentoo keyring...
38 > |
39 > | Pawn the keyring off on others. The issues isn't an established
40 > | trust ring, it's required signing- yes, a trust ring makes things a
41 > | helluva lot easier on the user front, but it's useless without a
42 > | required signing policy.
43 > |
44 > | We've already had this conversation also btw, in the
45 > | beginning of glep42 iirc. Obviously I don't agree
46 > | with your reasoning "I'll do it when it's required I do it". It's
47 > | useful now, it becomes massively more useful when a trust ring is
48 > | available.
49 >
50 > Ok, how about I change it to "must", and add a note under Backwards
51 > Compatibility along the lines of:
52 >
53 > At the time of writing, there is no standardised mechanism for handling
54 > GPG signatures in Gentoo. Until such a mechanism exists, GPG signing
55 > cannot be considered mandatory.
56
57 And provisions for going back and signing everything that was _not_
58 signed while you delaying waiting for a keyring?
59
60 That's why I'm pushing it. Mandate it as required now, keyring down
61 the line just makes it more useful. Make it 'suggested' (which this
62 is, you've changed nothing but words), you've left a mess that needs
63 to be addressed when keyring comes about.
64
65 Same scenario as before, think forward- force it from the get go, less
66 crap to deal with down the line. Mandate it, no mess- just the
67 pre-existing problem of getting a keyring collected.
68
69 Delay it, keyring + going back and trying to get folk to re-sign their
70 releases. That and any unsigned material released during that period
71 cannot be verified, because we're waiting for a keyring.
72
73 See the gains? Might be unpalatable, but it is the path of least work
74 long term.
75
76
77 > Ok, how's this?
78 >
79 > ``Revision:``
80 > Initially 1. Should be incremented every time a change is made to
81 > the news item. Changes that require a re-read of the news item (for
82 > example, most changes that are not spelling or formatting related)
83 > should instead use a new news item. Mandatory.
84
85 Works, thank you.
86
87
88 > | > | This isn't incredibly useful if ranged versions are ever
89 > | > | introduced. Ammending the glep for that seems stupid, looser
90 > | > | language might be wise.
91 > | >
92 > | > What's the syntax for ranged versions? And how do they differ from
93 > | > SLOT versions?
94 > |
95 > | >=kde-base/kde-libs-3.0 <=kde-base/kde-libs-4.0
96 > |
97 > | It's not syntax as much as a boolean and of atoms.
98 >
99 > Hrm, ok. Wouldn't this resolve as true if you have kde-libs-2.0 and
100 > kde-libs-5.0 installed (assuming SLOTted kde-libs)?
101
102 Note I said boolean and. Resolution of that string *should* result
103 in 3-4 via portage processing of it; doesn't handle it perfectly, but
104 the reason I brought it up is that via limiting it to a single atom,
105 you block (if/when) ranged versions.
106
107
108 > | Any signed item would need to be verified also, although fortunately
109 > | this chunk can be done in parallel to regen run.
110 >
111 > Hrm, is signing verification done for tree items?
112
113 *If* a component was fully signed, verification prior to dissemination
114 should occur. Reliant on a keyring to automate it however, plus some
115 voodoo to make as much as possible go in parallel (so as not to
116 overrun the window).
117
118
119 > | > | You haven't stated how the 'package manager' will trigger the
120 > | > | user's reader of choice for these targets. Should also extend
121 > | > | this to allow a way to disable any news notices, lest someone's
122 > | > | cronjob get hung displaying news (feature or not, it's needed).
123 > | >
124 > | > The same way the package manager handles updating config files: it
125 > | > won't. It'll just tell the user that some news items need reading.
126 > |
127 > | And you'll personally handle all of the bug spam from feature
128 > | requests that --ask trigger $news_reader?
129 > |
130 > | It's a logical extension, thus people will ask for it.
131 >
132 > What does emerge --ask do currently for config files?
133
134 see email responding to marius about why etc-update and friends aren't
135 the best example...
136
137 Personally, I'm not much for triggering the news reader, but I'd
138 expect folks will want a way to trigger the user's preferred reader.
139 That's the crux of this question- you've bound this cruft into
140 eselect, would assume there is a way to trigger the default reader
141 (guessing at least).
142
143 If there is some way to trigger whatever the default news reader is,
144 then the --ask cruft can be ignored; just asking about something as
145 simple as a symlink, so if the request comes up (it will, imo), it's
146 doable rather then trying to go and modify the existing clients to
147 support it.
148
149 </ramble>
150
151 ~harring