| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Brian Harring wrote: |
| 5 |
> On Mon, Aug 22, 2005 at 11:59:54PM +0200, Marius Mauch wrote: |
| 6 |
> |
| 7 |
>>On 08/22/05 Brian Harring wrote: |
| 8 |
>> |
| 9 |
>> |
| 10 |
>>>On Mon, Aug 22, 2005 at 11:33:23PM +0200, Marius Mauch wrote: |
| 11 |
>>> |
| 12 |
>>>>Theoretical discussions about this are pointless IMO without |
| 13 |
>>>>numbers/facts to back things up. |
| 14 |
>>> |
| 15 |
>>>I'd posit theroetical discussions about this are pointless without |
| 16 |
>>>getting ebuild dev's to give a yay/nay on whether they want it or not; |
| 17 |
>>> |
| 18 |
>>>not much for trying to force it down their throats if they don't want |
| 19 |
>>>it (more work, essentially). |
| 20 |
>> |
| 21 |
>>That too. But providing them with some numbers will certainly have an |
| 22 |
>>effect on their decision (especially if it shows that it doesn't really |
| 23 |
>>affect them ;) |
| 24 |
> |
| 25 |
> Rather hard to back it up though, without specialized knowledge in |
| 26 |
> (effectively) the whole tree- either we do it, or we ask nicely those |
| 27 |
> who are supposed to have such knowledge :) |
| 28 |
> |
| 29 |
> I can rattle off a couple of env vars that screw things up, but how |
| 30 |
> many of us are aware that an exported ARCH screws with kernel builds |
| 31 |
> fex? |
| 32 |
> |
| 33 |
> I'd punt it to them, and find out what they think (tiz the route I |
| 34 |
> took when I brought this up last). |
| 35 |
> |
| 36 |
> Explicit whitelisting is great for getting closer to deterministic |
| 37 |
> builds, but it's a helluva overhead on a side note. |
| 38 |
> ~harring |
| 39 |
|
| 40 |
I'm kinda with genone on implementing both ( since they are similar ). |
| 41 |
If it's decided that blacklisting is easier to maintain, I can always |
| 42 |
make up my own whitelist for pkg-foo and apply it and if it works submit |
| 43 |
it as a bug ( or even some other whitelist database? ) and thus can |
| 44 |
gaurentee that my package was built 'correctly'(TM). I think this would |
| 45 |
be important in fex, an enterprise distribution type deal where the |
| 46 |
build env is important to some. Put the whitelists in the tree and have |
| 47 |
them --excluded by default, so only the users that use them have to |
| 48 |
downlaod them. |
| 49 |
|
| 50 |
Regardless I'd like to see what actual people who write and manage |
| 51 |
ebuilds think, I've only written a few and I don't have much experience |
| 52 |
in that area. ( Spanky, solar, etc... the crazy ones ) :) |
| 53 |
|
| 54 |
- -Alec Warner (antarus) |
| 55 |
-----BEGIN PGP SIGNATURE----- |
| 56 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 57 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 58 |
|
| 59 |
iQIVAwUBQwpTUmzglR5RwbyYAQKPOA/+PbhtDYbbasHP9ZDa2SwTN+YVQRfXEfBt |
| 60 |
QwqjmtmdSyGSsLJL7C5PtASL/lLUK0z6uI2LmCniHctvIzvHd7/dAZO8deq4Hqcb |
| 61 |
18CgXZucwqvGnLhPIC23Z7CTXb3dUf60WTbwjkP4vTmywRtWr3eOqGIZ03pgjrBr |
| 62 |
GDtb+onEGn8lSMxdqRuUxCvFnyz+QIaX2ysOahH/qKRIcJXh4w/zFQrDy+9olSpy |
| 63 |
CAkaZLrOplRKZSSkz5i/W1dpKioa7fa3FXD43a7uWXzoRsLNxivyhNqtJJ34rnPI |
| 64 |
UexjElpelGlnw4zdDGzq5waYDpwUPfme8vz4pHEZ0MtqGQZ7OCsl3Pnz5q44Z7Vd |
| 65 |
cwN5+limQGN0dg55kYgbx+pOm0TRi5u9iAHMdlLojxD9e29AeGpRijeaWfm6ZuRk |
| 66 |
MEQrBJMFkhm4BaOuZ8+lcmaso1SxsfdQnlEnwXBVnjt2uoqy/G14wGPxye+gb3tL |
| 67 |
kUqBhB+DNH8RMO6Sgu+DDTsLT2vx7w7MV7XMQorBD6g4nvIxdl5OR13sI0Yo+gnt |
| 68 |
RF6BlM7eShMrx9aYx9Xr97F9XuBH8tIOKzpSqPK+O/cevJVVu6IwSU8VyPW2o0Rr |
| 69 |
rKCwS04vrYSwkfpvNgChNHSqhk08NKcBIQD4sLvrMZpp70OyGXgMTvryUxjzgejA |
| 70 |
Tb1Woep3gYk= |
| 71 |
=Q3sT |
| 72 |
-----END PGP SIGNATURE----- |
| 73 |
-- |
| 74 |
gentoo-portage-dev@g.o mailing list |
Archives