Gentoo Archives: gentoo-dev

From: Seemant Kulleen <seemant@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [soc] Python bindings for Paludis
Date: Sat, 31 Mar 2007 19:27:39
Message-Id: 1175369043.5961.30.camel@localhost
In Reply to: Re: [gentoo-dev] [soc] Python bindings for Paludis by Andrej Kacian
1 On Sat, 2007-03-31 at 20:16 +0200, Andrej Kacian wrote:
2 > On Sat, 31 Mar 2007 20:02:28 +0200
3 > "Christopher Covington" <covracer@×××××.com> wrote:
4 >
5 > > The first condition you list is a sort of nativism that I for one
6 > > would expect not to find in a successful copyleft project created on
7 > > the Internet. Why should the code Gentoo uses be written by Gentoo
8 > > developers? Nobody seems to have a problem with using someone else's C
9 > > compiler and installation tools (gcc, autoconf, automake). Resistance
10 > > to a package manager on the grounds that, "It wasn't originally
11 > > written by us!" could perhaps push technical arguments that actually
12 > > matter into the background.
14 That's not what he's saying. All those other things you mention are
15 critical to a linux system -- ANY linux system, EVERY linux system, ANY
16 distro, ALL distros, ANY BSD system, ALL BSD system, ANY BSD distro, ALL
17 BSD distros, and more. They are, in other words, shared resources. RPM
18 is another example of a shared resource. Apt might well be considered
19 to be so as well. Portage, on the other hand, is not. It is, you see,
20 part of the very identity of *this* distribution, and isn't quite shared
21 by other major distributions. If portage, or a tool very much like it,
22 becomes part of the larger community and shared by 2 or more *major*
23 distributions, then your argument starts to hold water. Until then, I'm
24 afraid it's a straw man.
27 > It seems to me that this is just vapier's way of saying "I don't want ciaranm
28 > anywhere near an official package manager".
31 Far be it from me to read spanky's mind, and may I say: far be it from
32 you too. However, given my paragraph above (and prior emails in this
33 thread from both vapier and me), I would say that your statement is
34 inaccurate, at worse, but incomplete at best. The point being made,
35 then, is that for an official package manager to exist *for Gentoo*, it
36 needs to be under *Gentoo's* control.
38 To make it more clear. If the gcc developers decided to stick some
39 malicious code into gcc, it affects the entire linux community, the
40 entire BSD community and would take out a few other communities as well.
41 The effects are far reaching and shared by everyone. If an official
42 package manager is outside of Gentoo's control, and the maintainer(s) of
43 that piece of software decide to do anything malicious (examples: inject
44 some dodgy code, remove documentation, take out access to the
45 repository, etc) for whatever reason (say, they get pissed off at a few
46 Gentoo people and decide that the entire Gentoo community can be painted
47 that way), then Gentoo has now become a slave to those people. That,
48 I'm sure you'll agree, is unacceptable.
50 So, no, what vapier was saying (at least in prior emails) is that
51 regardless of what package manager is deemed to be official, it needs to
52 meet a minimum set of criteria, and one of those is that it needs to be
53 housed on gentoo infrastructure and maintained by gentoo developers (and
54 thus be accountable for their code).
56 Please don't read anything into what I've said other than what I've
57 said.
59 Thanks,
61 Seemant


File name MIME type
signature.asc application/pgp-signature