1 |
On Tue, 2020-11-03 at 07:13 +0200, Joonas Niilola wrote: |
2 |
> I'm suggesting a new QA policy to disallow any "live-ebuild-only |
3 |
> packages" being hosted in ::gentoo. |
4 |
|
5 |
I'm with you on this though I think it should be relaxed to disallow |
6 |
only long term presence of pure live packages. It's fine to add a live |
7 |
ebuild first for a month or two if you're still working on something |
8 |
(just like it's fine to add a masked package). However, it's not fine |
9 |
to leave things like this for years. |
10 |
|
11 |
That said, maybe the policy should cover 'long-term masked packages' |
12 |
in general. See below. |
13 |
|
14 |
> Rationale being the same as why |
15 |
> -9999 packages can't have KEYWORDS: They are unpredictable and |
16 |
> potentially insecure. Unpredictability could mean upstream repo being |
17 |
> broken at any given time placing users in an awkward situation, where |
18 |
> they are able to build some packages while not the others. Upstream |
19 |
> repo can also be force-pushed over. I feel like packages offered in |
20 |
> ::gentoo shouldn't have these issues, and the need to have at least one |
21 |
> safe release available to users that's guaranteed to build. |
22 |
|
23 |
I agree with this but I'd like to emphasize one point: these packages |
24 |
are not installable for users out of the box. They are not tested |
25 |
as part of tinderboxing. They simply can't be installed in some |
26 |
environments (e.g. network-restricted) though obviously they're not |
27 |
production-ready by design. |
28 |
|
29 |
-- |
30 |
Best regards, |
31 |
Michał Górny |