Chris Bainbridge wrote:
> On 08/06/06, Jon Portnoy <avenj@g.o> wrote:
>> I do very much object to using any gentoo.org infrastructure or
>> subdomains to do so. If someone is going to tackle that, it should be
>> done outside of Gentoo proper. We don't need to be stuck maintaining and
>> supporting a semiofficial overlay.
>
> There are already loads of semi-official overlays. Besides the stuff
> actually hosted by gentoo (random example
> http://dev.gentoo.org/~flameeyes/bzr/overlay/) there are official
> groups (again, not picking on anyone but examples would be java, php,
> webapps...) with semi-official overlays. I don't know if the overlays
> are actually hosted on gentoo hardware, but when they're run by gentoo
> devs, publicly available, and referred to in forums, bugzilla,
> mailing lists etc. then that at least makes them "semi-official".

These overlays are completely controlled by Gentoo developers, which is
what the overlays.gentoo.org was going to be, simply a single location
for all these developer controlled overlays. This project is an overlay
(un)controlled by random users, with no quality checks or any standards
of any kind. This is fine for non-gentoo hosted stuff (like BMG), but
hosting stuff like this on *.gentoo.org, and not having the user go
through hoops to use it is probably not a good idea from either a
security or QA standpoint.

Currently 3rd party ebuilds can live in bugzilla, and the user must
create their own overlay, and generate their own digests to use them.
Making a user put this extra work in encourages users to be more
careful, and hopefully look stuff over before using it. It also
reinforces that the package is _unsupported_, hence discouraging them
from filing any new bugs.

Having a "semi-official" overlay where users can contribute ebuilds will
open possible security problems (malicious commits) as well as be a
QA/bug triaging nightmare as developers will have to figure out whether
the ebuild the user is using came from the "official" overlay or the
official tree.
--
gentoo-dev@g.o mailing list