1 |
On Fri, 2006-06-09 at 07:44 -0400, Peter wrote: |
2 |
> Firstly, I think it is very clear that anything in sunrise is experimental |
3 |
> or not supported in the main gentoo tree. That's fine! I don't think any |
4 |
> user who goes through the trouble to set up an overlay would miss that |
5 |
> point. You can't go to o.g.o and not see the disclaimers. And, anyone who |
6 |
> goes through the trouble to svn the overlay, edit make.conf, etc., would |
7 |
> not be an ignorant newbie (no disrespect to newbies intended). Anyone who |
8 |
> fetches the sunrise overlay would know exactly what he/she intends to do |
9 |
> and why. Much different than emerge --sync with keyword x86. |
10 |
|
11 |
Sorry, but if it isn't supported, it doesn't belong on Gentoo |
12 |
infrastructure. |
13 |
|
14 |
> Secondly, my bias against a third party repository is perhaps unwarranted. |
15 |
> I am sure the bmg site is excellent and the people running it are |
16 |
> well-intentioned and experienced. However, that said, as a user, I have a |
17 |
> higher comfort level staying in the gentoo.realm. |
18 |
|
19 |
Again, you are *proving* the point on why this would be bad. It would |
20 |
be not nearly as well maintained, yet users such as yourself will have |
21 |
this rose-colored perception that "it's from Gentoo, so it must be |
22 |
good." This is the *exact* thing that I am trying to avoid. This will |
23 |
*not* be from Gentoo and it will *not* be good. |
24 |
|
25 |
> Thirdly, the opportunity to be able to publish ebuilds that would |
26 |
> otherwise languish in bugzilla is very exciting. I think it also gives the |
27 |
> bugday people an opportunity to close out bugs. Despite what others have |
28 |
> written, having multi-year old bugs is very counter productive. If |
29 |
> something has not been fixed in so long, it probably either can't be |
30 |
> fixed, or may not even apply anymore. I know this is a generalization, but |
31 |
> if a bug was filed against gentoo 2004.3, who knows if it still applies |
32 |
> with gentoo 2006.0. Especially if there has been little or no activity. |
33 |
|
34 |
Perhaps there is no activity because the interest is not there? Nobody |
35 |
seems to be taking this into account. |
36 |
|
37 |
If you really think your package should be added to the tree, then add |
38 |
yourself to CC, get your friends on CC, drum up some support in the |
39 |
forums, find yourself a developer to proxy maintain for you. We don't |
40 |
need a dumping ground for abandoned or little-use ebuilds. |
41 |
|
42 |
> Personally, I don't see the conflict, or the risk, or the additional work |
43 |
> for devs. In fact, I see the opposite. Removing maintainer-wanted bugs is |
44 |
> a net positive. If that means the proposed ebuild lives in o.g.o that's |
45 |
> fine. Just point users who see the bug over to it. And, if an ebuild |
46 |
> proves to be useful, or popular, it's conceivable that it could ultimately |
47 |
> find its way over to the main tree. |
48 |
|
49 |
Well, I've done about as good as I can do to point out how it would be |
50 |
additional work and a major risk. If you cannot see it, there's not |
51 |
much else I can do. Luckily, a growing number of official developers |
52 |
*do* see the risks and are taking a stand against this egregious waste |
53 |
of time. |
54 |
|
55 |
> As for the more sinister aspects of a rogue ebuild finding its way onto |
56 |
> o.g.o, sure that's a possibility. However, any dev could do the same in |
57 |
> portage because they have commit access (and the problem may not be |
58 |
> caught right away). Moreover, it's possible that an ebuild may be fine, |
59 |
> but a particular version of a package tarball could have outright |
60 |
> malicious code or an undetected security hole in it that has not been |
61 |
> caught yet. That could find its way onto portage too. IMHO, I don't see |
62 |
> any more risk to security in o.g.o. |
63 |
|
64 |
Sure, a developer could be a risk, but they've gone through much more |
65 |
extensive checking and testing than some user who submitted an ebuild to |
66 |
a bug. |
67 |
|
68 |
> Again, I think you need to consider your audience for o.g.o. The newbie |
69 |
> won't be there or be syncing to o.g.o. The server admin probably would not |
70 |
> be there either for updating a production machine. I think the main |
71 |
> audience for o.g.o. would be the power user, or the wannabe power user or |
72 |
> certain project teams, or people with a particular interest or need in a |
73 |
> project not hosted on the main tree -- that is people who actively need |
74 |
> sunrise's services. |
75 |
|
76 |
You're absolutely right. We need to think of the audience. The |
77 |
overlays.gentoo.org project was touted as a way to foster the community |
78 |
and to help *developers* develop things that might be intrusive to the |
79 |
portage tree, as well as allow for easier non-developer contributions. |
80 |
It was *never* touted as a place where we would allow dumping of |
81 |
half-correct, unsupported, and only marginally quality ebuilds for mass |
82 |
user consumption. |
83 |
|
84 |
> And, looking at this from a broader perspective, I see this as a real |
85 |
> enhancement to gentoo. Offering an experimental tree for packages not |
86 |
> intended or not wanted in the main tree. This is an added benefit, it |
87 |
> demonstrates a policy of inclusion, not exclusion. It shows a willingness |
88 |
> to push the envelope and give certain packages a home where they would not |
89 |
> normally get one. |
90 |
|
91 |
It also shows that we're not concerned with quality or providing a |
92 |
consistent experience where things are meant to work together. It shows |
93 |
our complete lack of commitment to the safety of our users. It shows |
94 |
that we really are nothing more than a bunch of ricers that will take |
95 |
the quick and easy approach, rather than doing things right. |
96 |
|
97 |
No thanks... |
98 |
|
99 |
-- |
100 |
Chris Gianelloni |
101 |
Release Engineering - Strategic Lead |
102 |
x86 Architecture Team |
103 |
Games - Developer |
104 |
Gentoo Linux |