| 1 |
Chris Bainbridge wrote: |
| 2 |
> On 08/06/06, Jon Portnoy <avenj@g.o> wrote: |
| 3 |
>> I do very much object to using any gentoo.org infrastructure or |
| 4 |
>> subdomains to do so. If someone is going to tackle that, it should be |
| 5 |
>> done outside of Gentoo proper. We don't need to be stuck maintaining and |
| 6 |
>> supporting a semiofficial overlay. |
| 7 |
> |
| 8 |
> There are already loads of semi-official overlays. Besides the stuff |
| 9 |
> actually hosted by gentoo (random example |
| 10 |
> http://dev.gentoo.org/~flameeyes/bzr/overlay/) there are official |
| 11 |
> groups (again, not picking on anyone but exampes would be java, php, |
| 12 |
> webapps...) with semi-official overlays. I don't know if the overlays |
| 13 |
> are actually hosted on gentoo hardware, but when they're run by gentoo |
| 14 |
> devs, publically available, and referred to in forums, bugzilla, |
| 15 |
> mailing lists etc. then that at least makes them "semi-official". |
| 16 |
|
| 17 |
These overlays are completely controlled by Gentoo developers, which is |
| 18 |
what the overlays.gentoo.org was going to be, simply a single location |
| 19 |
for all these developer controlled overlays. This project is an overlay |
| 20 |
(un)controlled by random users, with no quality checks or any standards |
| 21 |
of any kind. This is fine for non-gentoo hosted stuff (like BMG), but |
| 22 |
hosting stuff like this on *.gentoo.org, and not having the use go |
| 23 |
through hoops to use it is probably not a good idea from either a |
| 24 |
security or QA standpoint. |
| 25 |
|
| 26 |
Currently 3rd party ebuilds can live in bugzilla, and the use must |
| 27 |
create their own overlay, and generate their own digests to use them. |
| 28 |
Making a user put this extra work into encourages users to be more |
| 29 |
careful, and hopefully look stuff over before using it. It also |
| 30 |
reinforces that the package is _unsupported_, hence discouraging them |
| 31 |
from filing any new bugs. |
| 32 |
|
| 33 |
Having a "semi-official" overlay where users can contribute ebuilds will |
| 34 |
open possible security problems (malicious commits) as well as be a |
| 35 |
QA/bug triaging nightmare as developers will have to figure out whether |
| 36 |
the ebuild the user is using came from the "official" overlay or the |
| 37 |
official tree. |
| 38 |
-- |
| 39 |
gentoo-dev@g.o mailing list |
Archives