1 |
On Fri, 09 Jun 2006 13:08:01 +0200, Henrik Brix Andersen wrote: |
2 |
|
3 |
> On Thu, Jun 08, 2006 at 06:31:43PM -0400, Peter wrote: |
4 |
>> And, for me again as a user, using a gentoo-hosted overlay is |
5 |
>> preferable to a third party repository. This is a personal bias on my |
6 |
>> part -- and maybe unwarranted. |
7 |
> |
8 |
> This is actually my main concern with the Sunrice project. You say you |
9 |
> would prefer a gentoo-hosted overlay to a third party repository. Why is |
10 |
> that? I can only assume it's because you think "hey, it's officially |
11 |
> endorsed by Gentoo, the same people who maintain the other official |
12 |
> ebuilds - so it must be ok". |
13 |
> |
14 |
> I suspect most users will think similar and will come yelling at us, or |
15 |
> even worse - at upstream, when something in this overlay breaks and |
16 |
> leaves their computer as expensive paper weight (at least until they've |
17 |
> formattet and started over). |
18 |
> |
19 |
> Regards, |
20 |
> Brix |
21 |
|
22 |
I don't think so. I look forward to the sunrise (sorry I called it |
23 |
sunshine earlier, it was late) project because of two reasons. |
24 |
|
25 |
Firstly, I think it is very clear that anything in sunrise is experimental |
26 |
or not supported in the main gentoo tree. That's fine! I don't think any |
27 |
user who goes through the trouble to set up an overlay would miss that |
28 |
point. You can't go to o.g.o and not see the disclaimers. And, anyone who |
29 |
goes through the trouble to svn the overlay, edit make.conf, etc., would |
30 |
not be an ignorant newbie (no disrespect to newbies intended). Anyone who |
31 |
fetches the sunrise overlay would know exactly what he/she intends to do |
32 |
and why. Much different than emerge --sync with keyword x86. |
33 |
|
34 |
Secondly, my bias against a third party repository is perhaps unwarranted. |
35 |
I am sure the bmg site is excellent and the people running it are |
36 |
well-intentioned and experienced. However, that said, as a user, I have a |
37 |
higher comfort level staying in the gentoo.realm. |
38 |
|
39 |
Thirdly, the opportunity to be able to publish ebuilds that would |
40 |
otherwise languish in bugzilla is very exciting. I think it also gives the |
41 |
bugday people an opportunity to close out bugs. Despite what others have |
42 |
written, having multi-year old bugs is very counter productive. If |
43 |
something has not been fixed in so long, it probably either can't be |
44 |
fixed, or may not even apply anymore. I know this is a generalization, but |
45 |
if a bug was filed against gentoo 2004.3, who knows if it still applies |
46 |
with gentoo 2006.0. Especially if there has been little or no activity. |
47 |
|
48 |
Personally, I don't see the conflict, or the risk, or the additional work |
49 |
for devs. In fact, I see the opposite. Removing maintainer-wanted bugs is |
50 |
a net positive. If that means the proposed ebuild lives in o.g.o that's |
51 |
fine. Just point users who see the bug over to it. And, if an ebuild |
52 |
proves to be useful, or popular, it's conceivable that it could ultimately |
53 |
find its way over to the main tree. |
54 |
|
55 |
As for the more sinister aspects of a rogue ebuild finding its way onto |
56 |
o.g.o, sure that's a possibility. However, any dev could do the same in |
57 |
portage because they have commit access (and the problem may not be |
58 |
caught right away). Moreover, it's possible that an ebuild may be fine, |
59 |
but a particular version of a package tarball could have outright |
60 |
malicious code or an undetected security hole in it that has not been |
61 |
caught yet. That could find its way onto portage too. IMHO, I don't see |
62 |
any more risk to security in o.g.o. |
63 |
|
64 |
Again, I think you need to consider your audience for o.g.o. The newbie |
65 |
won't be there or be syncing to o.g.o. The server admin probably would not |
66 |
be there either for updating a production machine. I think the main |
67 |
audience for o.g.o. would be the power user, or the wannabe power user or |
68 |
certain project teams, or people with a particular interest or need in a |
69 |
project not hosted on the main tree -- that is people who actively need |
70 |
sunrise's services. |
71 |
|
72 |
And, looking at this from a broader perspective, I see this as a real |
73 |
enhancement to gentoo. Offering an experimental tree for packages not |
74 |
intended or not wanted in the main tree. This is an added benefit, it |
75 |
demonstrates a policy of inclusion, not exclusion. It shows a willingness |
76 |
to push the envelope and give certain packages a home where they would not |
77 |
normally get one. |
78 |
|
79 |
-- |
80 |
Peter |
81 |
|
82 |
|
83 |
-- |
84 |
gentoo-dev@g.o mailing list |