| 1 |
On Tue, 2020-11-03 at 07:13 +0200, Joonas Niilola wrote: |
| 2 |
> I'm suggesting a new QA policy to disallow any "live-ebuild-only |
| 3 |
> packages" being hosted in ::gentoo. |
| 4 |
|
| 5 |
I'm with you on this though I think it should be relaxed to disallow |
| 6 |
only long term presence of pure live packages. It's fine to add a live |
| 7 |
ebuild first for a month or two if you're still working on something |
| 8 |
(just like it's fine to add a masked package). However, it's not fine |
| 9 |
to leave things like this for years. |
| 10 |
|
| 11 |
That said, maybe the policy should cover 'long-term masked packages' |
| 12 |
in general. See below. |
| 13 |
|
| 14 |
> Rationale being the same as why |
| 15 |
> -9999 packages can't have KEYWORDS: They are unpredictable and |
| 16 |
> potentially insecure. Unpredictability could mean upstream repo being |
| 17 |
> broken at any given time placing users in an awkward situation, where |
| 18 |
> they are able to build some packages while not the others. Upstream |
| 19 |
> repo can also be force-pushed over. I feel like packages offered in |
| 20 |
> ::gentoo shouldn't have these issues, and the need to have at least one |
| 21 |
> safe release available to users that's guaranteed to build. |
| 22 |
|
| 23 |
I agree with this but I'd like to emphasize one point: these packages |
| 24 |
are not installable for users out of the box. They are not tested |
| 25 |
as part of tinderboxing. They simply can't be installed in some |
| 26 |
environments (e.g. network-restricted) though obviously they're not |
| 27 |
production-ready by design. |
| 28 |
|
| 29 |
-- |
| 30 |
Best regards, |
| 31 |
Michał Górny |
Archives