Re: [gentoo-dev] Project Sunrise resumed again (was Resignation) - gentoo-dev

From:	Patrick Lauer <patrick@g.o>
To:	gentoo-dev@l.g.o
Subject:	Re: [gentoo-dev] Project Sunrise resumed again (was Resignation)
Date:	Thu, 03 Aug 2006 18:00:12
Message-Id:	`1154627595.24984.56.camel@localhost`
In Reply to:	Re: [gentoo-dev] Project Sunrise resumed again (was Resignation) by Carsten Lohrke

1

On Thu, 2006-08-03 at 18:21 +0200, Carsten Lohrke wrote:

2

> The difference is that I argue, while you accuse me to play false. I consider

3

> this as ad hominem and together with all this "FUD" and "BS" calling, in

4

> contrary to my email, inflammatory.

5

... and that is inflammatory :-)

6

7

> > > I'd appreciate, if you would try to have a controversial

8

> > > discussion, without starting to loose your manners.

9

> >

10

> > And I'd appreciate a less condescending tone.

11

>

12

> This wasn't meant condescending, but a true request. Because it's not the

13

> first time you react this way, when you dislike another ones opinion. It is

14

> as annoying as Ciaran's habit to make statements without backing them up -

15

> even when asked to do so.

16

I think it's a language barrier - as you (and I) are not native english speakers we tend to put a different emphasis on words.

17

What may look perfectly polite to you could be a big insult to a french

18

or japanese speaker ...

19

20

That being said, I'd interpret what you've written as mildly

21

condescending too.

22

23

24

> > 3) Assumption that sunrise will just be a dumping ground, without any

25

> > form of maintainance is implicit here- if it becomes as such, already

26

> > was stated it would get wedgied by the council.  So that leaves the

27

> > angle of "they don't have a security team", which implies to actually

28

> > handle nuking vulnerable ebuilds, one has to have a security team

29

> > (obviously false).

30

>

31

> Dumping ground or not. It's easy to miss vulnerability notices. Especially, if

32

> you don't have guys who expclicitly care for it. And you need a security team

33

> to announce issue to the user base. I wouldn't use Gentoo, if we not had such

34

> a hard and good working security team.

35

>

36

I wonder if all inofficial overlays and bugs are always updated?

37

Sunrise is still young, but the way they've handled bugreports makes me

38

quite confident that they'll be able to handle security issues when they

39

have reached a stable and sustainable size. 

40

41

> > Besides... frankly it's kind of BS to push the vuln angle onto sunrise

42

> > when gentoo can't even clean out years old vulnerable packages from

43

> > gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor

44

> > a potshot at the understaffed security team, merely that double

45

> > standards suck).

46

>

47

> Interesting to see you state this. Because this is a far more serious problem,

48

> than supporting "everything" possible; And Sunrise won't fix this either - if

49

> not the opposite. One of the goals of Sunrise is to recruit new devs. But we

50

> don't need new devs to add new packages primarily, we more to maintain

51

> existing and not so fancy stuff and to clean out the tree.

52

>

53

How do you train devs?

54

Also, who is only working on the things he did when he initially became

55

dev?

56

57

[snip]

58

> Your list is rubbish. There're stable versions for all security wise supported

59

> architectures and the relevant GLSA's. If users don't use them, it's their

60

> local problem.

61

If users use sunrise it's their local problem, too. 

62

>

63

> > > > And... just cause I'm mildly sick of this bullshit,

64

> > >

65

> > > And I'm sick of people, who miss the point.

66

> >

67

> > As stated above, be concise then.  Your points came out of pretty

68

> > much nowhere, poorly communicated, and rather vague in actually

69

> > backing them up.  Which... at least from the "backing up the

70

> > complaints", has been the theme for the screaming folk thus far.

71

>

72

> Do I have to learn you to read? See above.

73

^^ that is really condescending. 

74

75

76

> > So someone goes and breaks something in gentoo-x86 that breaks

77

> > something for sunrise.  Fine, it's sunrises' mess to clean up; they've

78

> > volunteered to do this work, I don't see how you can claim it as a

79

> > negative when they've accepted it as part of _their_ work.

80

>

81

> The problems will pile up in bugs.g.o and "usally" with the wrong addressee.

82

> This has been every now and then the case with other overlays as well as

83

> users of distros building on Gentoo. I can live with that to a degree. But

84

> when we do this mess ourselves, it get's highly annoying.

85

Hmmm?

86

The problem with most other overlays is that they also may have updated

87

or patched versions of in-tree applications. Most problems that you

88

claim should not happen in sunrise.

89

90

> > Granted, they may give you the finger and quit, or your remaining

91

> > fellow devs may rightfully boot you for playing games, but the point

92

> > stands- they stepped up to do the work, including cleaning up

93

> > anything y'all may break for them.

94

>

95

> You're doing it again. No I'm not playig games with you. I have reasonable

96

> complaints and consider this sort of overlay a failure. Then an extra

97

> development tree would be much better.

98

99

I still fail to see what your issues with it are. All the points you

100

stated are either invalid or not an issue from my p.o.v.

101

102

>

103

> > You're not limited- they're the ones limited via trying to not step on

104

> > gentoo-x86's toes.  How is that a negative then?

105

>

106

> I fear for the security of our user base, especially the lazy, uneducated

107

> ricers and how this wll reflect on Gentoo's reputation as a whole.

108

What is Gentoo's reputation? I mean ... people have said this a few

109

times, but has anyone just asked a random subset of linux users how they

110

see Gentoo?

111

112

I guess having a reputation of being bleeding edge, having fast-paced

113

development (with many transient bugs because of the rapid pace of

114

change) and being really easy to use conflicts really hard with Sunrise,

115

right?

116

117

> I fear

118

> more annoying, invalid bug reports. I don't see any benefit for the existing

119

> tree or Gentoo as a whole.

120

So ignore it. You don't have to use it, but you're trying to limit other

121

devs and users (who may become devs) in their freedom to work on any

122

aspect of gentoo they like. 

123

Ebuilds rotting for years in bugzilla (and bugzilla can be quite

124

confusing to use) can not be better than a maintained overlay where

125

people even review ebuilds for mistakes. I wonder why you're implicitly

126

advocating the worse policy, that (from my point of view) is silly and

127

more damaging to Gentoo, if anything is getting damaged at all.

128

129

I don't see any benefits in not supporting (or just passively ignoring)

130

sunrise. If it fails you can still pull the plug, but until now it has

131

been quite successful in finding motivated users and putting them to

132

use. Granted, communication has been difficult,but the reactions from

133

some devs look really bizzare and extreme to me.

134

(Just food for thought - you shut down sunrise. I pick up the pieces,

135

host it on my hardware and do what I want. You can't stop me, you can't

136

influence my policies, you haven't gained a thing. Users still use The

137

Overlay Formerly Known as Sunrise and complain that Gentoo sucks

138

(because that overlay has wrecked their machine, I'm a mean bastard

139

after all! 

140

That's why you should keep Sunrise running and controllable by Gentoo

141

people.)

142

143

144

Have fun,

145

146

Patrick

147

--

148

Stand still, and let the rest of the universe move

Gentoo Archives: gentoo-dev

Attachments

1	On Thu, 2006-08-03 at 18:21 +0200, Carsten Lohrke wrote:
2	> The difference is that I argue, while you accuse me to play false. I consider
3	> this as ad hominem and together with all this "FUD" and "BS" calling, in
4	> contrary to my email, inflammatory.
5	... and that is inflammatory :-)
6
7	> > > I'd appreciate, if you would try to have a controversial
8	> > > discussion, without starting to loose your manners.
9	> >
10	> > And I'd appreciate a less condescending tone.
11	>
12	> This wasn't meant condescending, but a true request. Because it's not the
13	> first time you react this way, when you dislike another ones opinion. It is
14	> as annoying as Ciaran's habit to make statements without backing them up -
15	> even when asked to do so.
16	I think it's a language barrier - as you (and I) are not native english speakers we tend to put a different emphasis on words.
17	What may look perfectly polite to you could be a big insult to a french
18	or japanese speaker ...
19
20	That being said, I'd interpret what you've written as mildly
21	condescending too.
22
23
24	> > 3) Assumption that sunrise will just be a dumping ground, without any
25	> > form of maintainance is implicit here- if it becomes as such, already
26	> > was stated it would get wedgied by the council. So that leaves the
27	> > angle of "they don't have a security team", which implies to actually
28	> > handle nuking vulnerable ebuilds, one has to have a security team
29	> > (obviously false).
30	>
31	> Dumping ground or not. It's easy to miss vulnerability notices. Especially, if
32	> you don't have guys who expclicitly care for it. And you need a security team
33	> to announce issue to the user base. I wouldn't use Gentoo, if we not had such
34	> a hard and good working security team.
35	>
36	I wonder if all inofficial overlays and bugs are always updated?
37	Sunrise is still young, but the way they've handled bugreports makes me
38	quite confident that they'll be able to handle security issues when they
39	have reached a stable and sustainable size.
40
41	> > Besides... frankly it's kind of BS to push the vuln angle onto sunrise
42	> > when gentoo can't even clean out years old vulnerable packages from
43	> > gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor
44	> > a potshot at the understaffed security team, merely that double
45	> > standards suck).
46	>
47	> Interesting to see you state this. Because this is a far more serious problem,
48	> than supporting "everything" possible; And Sunrise won't fix this either - if
49	> not the opposite. One of the goals of Sunrise is to recruit new devs. But we
50	> don't need new devs to add new packages primarily, we more to maintain
51	> existing and not so fancy stuff and to clean out the tree.
52	>
53	How do you train devs?
54	Also, who is only working on the things he did when he initially became
55	dev?
56
57	[snip]
58	> Your list is rubbish. There're stable versions for all security wise supported
59	> architectures and the relevant GLSA's. If users don't use them, it's their
60	> local problem.
61	If users use sunrise it's their local problem, too.
62	>
63	> > > > And... just cause I'm mildly sick of this bullshit,
64	> > >
65	> > > And I'm sick of people, who miss the point.
66	> >
67	> > As stated above, be concise then. Your points came out of pretty
68	> > much nowhere, poorly communicated, and rather vague in actually
69	> > backing them up. Which... at least from the "backing up the
70	> > complaints", has been the theme for the screaming folk thus far.
71	>
72	> Do I have to learn you to read? See above.
73	^^ that is really condescending.
74
75
76	> > So someone goes and breaks something in gentoo-x86 that breaks
77	> > something for sunrise. Fine, it's sunrises' mess to clean up; they've
78	> > volunteered to do this work, I don't see how you can claim it as a
79	> > negative when they've accepted it as part of _their_ work.
80	>
81	> The problems will pile up in bugs.g.o and "usally" with the wrong addressee.
82	> This has been every now and then the case with other overlays as well as
83	> users of distros building on Gentoo. I can live with that to a degree. But
84	> when we do this mess ourselves, it get's highly annoying.
85	Hmmm?
86	The problem with most other overlays is that they also may have updated
87	or patched versions of in-tree applications. Most problems that you
88	claim should not happen in sunrise.
89
90	> > Granted, they may give you the finger and quit, or your remaining
91	> > fellow devs may rightfully boot you for playing games, but the point
92	> > stands- they stepped up to do the work, including cleaning up
93	> > anything y'all may break for them.
94	>
95	> You're doing it again. No I'm not playig games with you. I have reasonable
96	> complaints and consider this sort of overlay a failure. Then an extra
97	> development tree would be much better.
98
99	I still fail to see what your issues with it are. All the points you
100	stated are either invalid or not an issue from my p.o.v.
101
102	>
103	> > You're not limited- they're the ones limited via trying to not step on
104	> > gentoo-x86's toes. How is that a negative then?
105	>
106	> I fear for the security of our user base, especially the lazy, uneducated
107	> ricers and how this wll reflect on Gentoo's reputation as a whole.
108	What is Gentoo's reputation? I mean ... people have said this a few
109	times, but has anyone just asked a random subset of linux users how they
110	see Gentoo?
111
112	I guess having a reputation of being bleeding edge, having fast-paced
113	development (with many transient bugs because of the rapid pace of
114	change) and being really easy to use conflicts really hard with Sunrise,
115	right?
116
117	> I fear
118	> more annoying, invalid bug reports. I don't see any benefit for the existing
119	> tree or Gentoo as a whole.
120	So ignore it. You don't have to use it, but you're trying to limit other
121	devs and users (who may become devs) in their freedom to work on any
122	aspect of gentoo they like.
123	Ebuilds rotting for years in bugzilla (and bugzilla can be quite
124	confusing to use) can not be better than a maintained overlay where
125	people even review ebuilds for mistakes. I wonder why you're implicitly
126	advocating the worse policy, that (from my point of view) is silly and
127	more damaging to Gentoo, if anything is getting damaged at all.
128
129	I don't see any benefits in not supporting (or just passively ignoring)
130	sunrise. If it fails you can still pull the plug, but until now it has
131	been quite successful in finding motivated users and putting them to
132	use. Granted, communication has been difficult,but the reactions from
133	some devs look really bizzare and extreme to me.
134	(Just food for thought - you shut down sunrise. I pick up the pieces,
135	host it on my hardware and do what I want. You can't stop me, you can't
136	influence my policies, you haven't gained a thing. Users still use The
137	Overlay Formerly Known as Sunrise and complain that Gentoo sucks
138	(because that overlay has wrecked their machine, I'm a mean bastard
139	after all!
140	That's why you should keep Sunrise running and controllable by Gentoo
141	people.)
142
143
144	Have fun,
145
146	Patrick
147	--
148	Stand still, and let the rest of the universe move