1 |
On Thu, 2006-08-03 at 18:21 +0200, Carsten Lohrke wrote: |
2 |
> The difference is that I argue, while you accuse me to play false. I consider |
3 |
> this as ad hominem and together with all this "FUD" and "BS" calling, in |
4 |
> contrary to my email, inflammatory. |
5 |
... and that is inflammatory :-) |
6 |
|
7 |
> > > I'd appreciate, if you would try to have a controversial |
8 |
> > > discussion, without starting to loose your manners. |
9 |
> > |
10 |
> > And I'd appreciate a less condescending tone. |
11 |
> |
12 |
> This wasn't meant condescending, but a true request. Because it's not the |
13 |
> first time you react this way, when you dislike another ones opinion. It is |
14 |
> as annoying as Ciaran's habit to make statements without backing them up - |
15 |
> even when asked to do so. |
16 |
I think it's a language barrier - as you (and I) are not native english speakers we tend to put a different emphasis on words. |
17 |
What may look perfectly polite to you could be a big insult to a french |
18 |
or japanese speaker ... |
19 |
|
20 |
That being said, I'd interpret what you've written as mildly |
21 |
condescending too. |
22 |
|
23 |
|
24 |
> > 3) Assumption that sunrise will just be a dumping ground, without any |
25 |
> > form of maintainance is implicit here- if it becomes as such, already |
26 |
> > was stated it would get wedgied by the council. So that leaves the |
27 |
> > angle of "they don't have a security team", which implies to actually |
28 |
> > handle nuking vulnerable ebuilds, one has to have a security team |
29 |
> > (obviously false). |
30 |
> |
31 |
> Dumping ground or not. It's easy to miss vulnerability notices. Especially, if |
32 |
> you don't have guys who expclicitly care for it. And you need a security team |
33 |
> to announce issue to the user base. I wouldn't use Gentoo, if we not had such |
34 |
> a hard and good working security team. |
35 |
> |
36 |
I wonder if all inofficial overlays and bugs are always updated? |
37 |
Sunrise is still young, but the way they've handled bugreports makes me |
38 |
quite confident that they'll be able to handle security issues when they |
39 |
have reached a stable and sustainable size. |
40 |
|
41 |
> > Besides... frankly it's kind of BS to push the vuln angle onto sunrise |
42 |
> > when gentoo can't even clean out years old vulnerable packages from |
43 |
> > gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor |
44 |
> > a potshot at the understaffed security team, merely that double |
45 |
> > standards suck). |
46 |
> |
47 |
> Interesting to see you state this. Because this is a far more serious problem, |
48 |
> than supporting "everything" possible; And Sunrise won't fix this either - if |
49 |
> not the opposite. One of the goals of Sunrise is to recruit new devs. But we |
50 |
> don't need new devs to add new packages primarily, we more to maintain |
51 |
> existing and not so fancy stuff and to clean out the tree. |
52 |
> |
53 |
How do you train devs? |
54 |
Also, who is only working on the things he did when he initially became |
55 |
dev? |
56 |
|
57 |
[snip] |
58 |
> Your list is rubbish. There're stable versions for all security wise supported |
59 |
> architectures and the relevant GLSA's. If users don't use them, it's their |
60 |
> local problem. |
61 |
If users use sunrise it's their local problem, too. |
62 |
> |
63 |
> > > > And... just cause I'm mildly sick of this bullshit, |
64 |
> > > |
65 |
> > > And I'm sick of people, who miss the point. |
66 |
> > |
67 |
> > As stated above, be concise then. Your points came out of pretty |
68 |
> > much nowhere, poorly communicated, and rather vague in actually |
69 |
> > backing them up. Which... at least from the "backing up the |
70 |
> > complaints", has been the theme for the screaming folk thus far. |
71 |
> |
72 |
> Do I have to learn you to read? See above. |
73 |
^^ that is really condescending. |
74 |
|
75 |
|
76 |
> > So someone goes and breaks something in gentoo-x86 that breaks |
77 |
> > something for sunrise. Fine, it's sunrises' mess to clean up; they've |
78 |
> > volunteered to do this work, I don't see how you can claim it as a |
79 |
> > negative when they've accepted it as part of _their_ work. |
80 |
> |
81 |
> The problems will pile up in bugs.g.o and "usally" with the wrong addressee. |
82 |
> This has been every now and then the case with other overlays as well as |
83 |
> users of distros building on Gentoo. I can live with that to a degree. But |
84 |
> when we do this mess ourselves, it get's highly annoying. |
85 |
Hmmm? |
86 |
The problem with most other overlays is that they also may have updated |
87 |
or patched versions of in-tree applications. Most problems that you |
88 |
claim should not happen in sunrise. |
89 |
|
90 |
> > Granted, they may give you the finger and quit, or your remaining |
91 |
> > fellow devs may rightfully boot you for playing games, but the point |
92 |
> > stands- they stepped up to do the work, including cleaning up |
93 |
> > anything y'all may break for them. |
94 |
> |
95 |
> You're doing it again. No I'm not playig games with you. I have reasonable |
96 |
> complaints and consider this sort of overlay a failure. Then an extra |
97 |
> development tree would be much better. |
98 |
|
99 |
I still fail to see what your issues with it are. All the points you |
100 |
stated are either invalid or not an issue from my p.o.v. |
101 |
|
102 |
> |
103 |
> > You're not limited- they're the ones limited via trying to not step on |
104 |
> > gentoo-x86's toes. How is that a negative then? |
105 |
> |
106 |
> I fear for the security of our user base, especially the lazy, uneducated |
107 |
> ricers and how this wll reflect on Gentoo's reputation as a whole. |
108 |
What is Gentoo's reputation? I mean ... people have said this a few |
109 |
times, but has anyone just asked a random subset of linux users how they |
110 |
see Gentoo? |
111 |
|
112 |
I guess having a reputation of being bleeding edge, having fast-paced |
113 |
development (with many transient bugs because of the rapid pace of |
114 |
change) and being really easy to use conflicts really hard with Sunrise, |
115 |
right? |
116 |
|
117 |
> I fear |
118 |
> more annoying, invalid bug reports. I don't see any benefit for the existing |
119 |
> tree or Gentoo as a whole. |
120 |
So ignore it. You don't have to use it, but you're trying to limit other |
121 |
devs and users (who may become devs) in their freedom to work on any |
122 |
aspect of gentoo they like. |
123 |
Ebuilds rotting for years in bugzilla (and bugzilla can be quite |
124 |
confusing to use) can not be better than a maintained overlay where |
125 |
people even review ebuilds for mistakes. I wonder why you're implicitly |
126 |
advocating the worse policy, that (from my point of view) is silly and |
127 |
more damaging to Gentoo, if anything is getting damaged at all. |
128 |
|
129 |
I don't see any benefits in not supporting (or just passively ignoring) |
130 |
sunrise. If it fails you can still pull the plug, but until now it has |
131 |
been quite successful in finding motivated users and putting them to |
132 |
use. Granted, communication has been difficult,but the reactions from |
133 |
some devs look really bizzare and extreme to me. |
134 |
(Just food for thought - you shut down sunrise. I pick up the pieces, |
135 |
host it on my hardware and do what I want. You can't stop me, you can't |
136 |
influence my policies, you haven't gained a thing. Users still use The |
137 |
Overlay Formerly Known as Sunrise and complain that Gentoo sucks |
138 |
(because that overlay has wrecked their machine, I'm a mean bastard |
139 |
after all! |
140 |
That's why you should keep Sunrise running and controllable by Gentoo |
141 |
people.) |
142 |
|
143 |
|
144 |
Have fun, |
145 |
|
146 |
Patrick |
147 |
-- |
148 |
Stand still, and let the rest of the universe move |