Gentoo Archives: gentoo-project

From: "Michał Górny" <mgorny@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] [RFC] New project: GURU [Gentoo User Repository, Unreviewed]
Date: Mon, 04 Feb 2019 14:02:34
In Reply to: Re: [gentoo-project] [RFC] New project: GURU [Gentoo User Repository, Unreviewed] by Brian Evans
On Mon, 2019-02-04 at 08:43 -0500, Brian Evans wrote:
> On 2/4/2019 8:28 AM, Michał Górny wrote: > > On Mon, 2019-02-04 at 11:58 +0100, Alexis Ballier wrote: > > > On Sun, 03 Feb 2019 20:28:49 +0100 > > > Michał Górny <mgorny@g.o> wrote: > > > > > > > --- > > > > What do you think? > > > > > > > > > > What is the difference with sunrise ? > > > > The difference, as noted in the mail, is that it doesn't rely > > on developers having time to review ebuilds. Therefore, it is less > > likely to die because of developers lacking time to review stuff. > > It's a horrible thing not to have reviewed builds. They can be > increasingly bad quality. Even going as far as ignoring PMS or > redefining every variable because they don't like things (yes, we've > seen this in recent times).
That's inevitable. 'Horribly bad quality' happens in Gentoo as well, more often than you think. The difference is, people throw mud at you on public mailing lists if you dare point it out to them. The question is: is the effort needed to review everything justified? Let's say you have two repositories: one where everything is reviewed (and people can commit only after getting approval), and the other where it's not (and people can commit at any time, and others can improve their ebuilds). You let them run like this for 6 months. Do you think the number of good quality ebuilds in repository A will be significantly greater than number of good quality ebuilds in repository B?
> We have Gentoo developers for a reason and that should not change. > Blindly accepting community contributions is a dangerous game.
What is that reason? How is 'blindly accepting community contributions' different from 'blindly accepting new developers'? In the former case, at least we're not pretending things are secure when they're not. -- Best regards, Michał Górny


File name MIME type
signature.asc application/pgp-signature