1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 11/15/2014 09:29 PM, Rich Freeman wrote: |
5 |
> On Sat, Nov 15, 2014 at 10:00 AM, hasufell <hasufell@g.o> |
6 |
> wrote: |
7 |
>> |
8 |
>> Turning it off will decrease organizational problems, make the |
9 |
>> distribution more focused and eventually more high quality, |
10 |
>> because people would be able to actually work together on the |
11 |
>> _core_ of gentoo (toolchain, base-system, eclasses, PM...). |
12 |
>> |
13 |
> |
14 |
> Having fewer people maintaining packages will not make more people |
15 |
> work on toolchain, base-system, eclasses, portage, etc. |
16 |
> |
17 |
> If somebody is actively contributing to something in critical need |
18 |
> such as one of those I'd certainly encourage the recruiters to |
19 |
> prioritize their application. However, turning away help |
20 |
> elsewhere won't help us out. |
21 |
> |
22 |
> I'd suggest moving forward with building the new before getting rid |
23 |
> of the old. |
24 |
> |
25 |
|
26 |
I'm not saying you should agree with me, but I get the feeling you |
27 |
didn't get the idea. I'm also answering to the other mail from |
28 |
Matthias Dahl in here. |
29 |
|
30 |
To reiterate, more gentoo _core_ developers also means: |
31 |
* more different opinions |
32 |
* less focus |
33 |
* more bikeshed |
34 |
* more conflict |
35 |
* less work done? |
36 |
|
37 |
|
38 |
People cannot easily group around an idea in gentoo and just start |
39 |
hacking on it, because: |
40 |
* although we have overlays, gentoo isn't designed to be very modular |
41 |
* it's tools are not fit for more abstract approaches |
42 |
* some non-core ideas/projects are already implemented in the main |
43 |
tree (more or less) which are sometimes disconnected from the |
44 |
community and may block progress and explicitly conflict (also on the |
45 |
ebuild level, very tedious to handle) with other approaches |
46 |
* it's a monolithic all-in-one distro, so anyone who likes the core of |
47 |
the distro, but wants to build extensions around it has to effectively |
48 |
do a full fork. Full forks are less likely, so we are not giving too |
49 |
much room for experiments, enhancements and totally new ideas. Sure, |
50 |
there are a few of that kind, but it took considerable effort for |
51 |
these. Instead, it should be made easy... and we should try to learn |
52 |
from such experiments. I don't see that happening much. |
53 |
|
54 |
As was already pointed out: quite a lot of gentoo projects are already |
55 |
moving very slowly in that very direction. They are mainly working on |
56 |
themed github hosted overlays with frequent user contributions. |
57 |
|
58 |
I may know more about ebuild writing than some community users, but it |
59 |
often happens that they know way more about actual packages than me. |
60 |
They rarely find the way to contribute through all these tedious |
61 |
barriers we put up for them (bugzilla, cvs, getting your social status |
62 |
before you can actually get stuff done)... which does NOT improve |
63 |
ebuild quality. |
64 |
|
65 |
We are imposing a workflow on people, although that workflow might |
66 |
just be wrong in general or in certain cases. |
67 |
That's why some gentoo projects have already a dual-workflow. Why not |
68 |
make it more open? |
69 |
|
70 |
You may say "it is open", really? Our main channel is GLEPs (uagh), |
71 |
users rarely participate on gentoo dev ML. |
72 |
|
73 |
You may say "we already allow conflicting ideas". Well yes, that's |
74 |
part of the problem! We allow conflicting projects/ideas in ONE |
75 |
repository That part of the GLEP never got into my head, and I know |
76 |
why. It's not the way to get diversity and interesting experiments... |
77 |
by giving only one box to 200 people and tell them you may practically |
78 |
do what you want. It just leads to inconsistencies, fights and a big |
79 |
mess, because we didn't care about proper abstraction, but about |
80 |
implementing our diverse, but specific ideas right now. |
81 |
No, you'd rather give everyone the same box and tell him he may do |
82 |
with that as he wants. He may find out there are other people with the |
83 |
exact same ideas, so there goes. |
84 |
|
85 |
|
86 |
So the idea is the following: |
87 |
* stop recruiting |
88 |
* move clearly themed overlays/projects out of the tree which are |
89 |
already practically working outside of the tree (e.g. science, |
90 |
haskell, ...) |
91 |
* fix the tools (never ending git story, probably a lot of work needed |
92 |
on the overlay support front etc) |
93 |
* focus on the core of gentoo as in: provide abstraction, tools and |
94 |
the basic structure for people to do cool things. Right now we are |
95 |
just focussing on keeping the ebuild machinery going, while the rest |
96 |
pretty much goes downhill. Fast. |
97 |
* be more open, work more with the community, not just through bugzilla |
98 |
* review overlays, contribute to overlays |
99 |
* have a list of high-quality overlays, maybe with a few notes about |
100 |
them (is it themed? does it conflict with stuff?) |
101 |
* I can't hold it but say: make ebuilds suck less, so people enjoy |
102 |
contributing |
103 |
|
104 |
|
105 |
But... what about quality? |
106 |
Well, IMO we have lots of very poor-quality ebuilds in our tree. Not |
107 |
just in overlays. That's because it's still hard to contribute, so a |
108 |
small number of people have to do a LOT of work (as in: actually |
109 |
writing the ebuilds) and we have no review workflow. |
110 |
People who are so experienced with ebuilds like gentoo old timers with |
111 |
5+ years of experience probably shouldn't write ebuilds AT ALL. Their |
112 |
time is better spent just reviewing ebuilds, either by request or just |
113 |
to check the quality of an overlay. |
114 |
|
115 |
Doing things a bit more distributed will rather improve ebuild |
116 |
quality, as long as we have some sort of review culture. So that's |
117 |
something for the community to chew as well. But that already works in |
118 |
some cases. We see it happening. |
119 |
I know AUR and I think it's terrible, because I've been an arch linux |
120 |
user for 2 years. So that's something we have to avoid and learn from |
121 |
if we try to go into this direction. |
122 |
|
123 |
|
124 |
But... what about security? |
125 |
That's a more delicate matter, yeah. I can understand the concerns, |
126 |
but lets start with this question first: |
127 |
Why do you trust ME? You don't know anything about me. All you know is |
128 |
that I probably didn't mess up too hard for the last 2 years and that |
129 |
I regularly sign my Manifests/commits. |
130 |
Well, a lot of overlay maintainers do as well (I once asked the |
131 |
tox-overlay maintainers to gpg sign their commits and so they did). |
132 |
So IMO it just boils down to community reputation and verifiable |
133 |
authorship. Why care then if the guy committing is an actual "gentoo |
134 |
dev" if his reputation is good? |
135 |
|
136 |
Besides that... webapps in gentoo are in terrible shape (not blaming |
137 |
anyone... tried to write such ebuilds myself, it can be awfully |
138 |
complex). I'm running a gentoo server myself and I ended up installing |
139 |
a lot of web apps directly from git repositories instead of the |
140 |
in-tree packages. It would probably be interesting if a group from the |
141 |
community will step up and clear these things out with the help of a |
142 |
few gentoo devs. Or maybe a company will be interested in maintaining |
143 |
a high-quality overlay of server tools and webapps? Why not? There are |
144 |
already companies recruiting for gentoo experienced people and using |
145 |
gentoo for servers. So why not do that? |
146 |
|
147 |
What's more important on the security side is a different thing imo: |
148 |
* our GLSA channels. They will not be obsoleted by any of these ideas. |
149 |
* tools like glsa-check |
150 |
* high responsiveness (in my experience a lot of overlay maintainers |
151 |
are faster with fixing vulnerable packages than we are, but yeah... |
152 |
this will also require more communication) |
153 |
|
154 |
Also... no one is saying we have to remove apache from the list of |
155 |
core packages. |
156 |
|
157 |
|
158 |
So... why do it this way? |
159 |
Because a lot of successful projects exactly operate like that. |
160 |
Including VERY big projects: have a very limited number of core |
161 |
developers who make the core decisions and have a strong focus. Then |
162 |
have the community input and openness to get influenced both by code |
163 |
and ideas while still allowing people to easily deviate from some |
164 |
ideas, because we keep to the core. |
165 |
|
166 |
I don't think we are "community-driven", just because we keep adding |
167 |
community members to our "ranks". Community-driven means for me that |
168 |
there is a very strong connection and communication between the core |
169 |
developers and the community. |
170 |
Most of the time... this doesn't ever happen and decisions are made on |
171 |
our dev ML which is mostly bikeshed between gentoo devs! |
172 |
|
173 |
In addition, if we focus on the core... we don't even have to make |
174 |
that many decisions any more. |
175 |
|
176 |
This really requires a shift of thinking and I honestly don't expect |
177 |
that to happen. |
178 |
But it's something that is happening around as and seems to work out |
179 |
quite well (latest example is NixOS, without wanting to talk about |
180 |
their technical decisions). |
181 |
Some distros have programs to analyse these projects and try to |
182 |
integrate some of those ideas into their own. |
183 |
|
184 |
But I'm not really interested in fighting the decisions other people |
185 |
made about gentoo ~10 years ago and write 55 GLEPs to change |
186 |
something. I'd rather spend my time improving overlays or find people |
187 |
(in gentoo) who think similar. |
188 |
-----BEGIN PGP SIGNATURE----- |
189 |
Version: GnuPG v2.0 |
190 |
|
191 |
iQJ8BAEBCgBmBQJUaUAGXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w |
192 |
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMDlCNDQ4NjEyNDI4NjA5REVEMDI3MzIy |
193 |
MjBDRDFDNUJERUVEMDIwAAoJECIM0cW97tAgq6UP/ioha93yY/F/ryh8XH7mkymB |
194 |
Wjwn4+L1mAV/i9YD8J70IpcbPKRmj3QQItcFVCPb8mLGFCdOr4G2LoVhRObH10IE |
195 |
jqJC4QvyNL9chvsRSHvPWyFUkVGSqcgT/SlhPmtsuJt2EvSglEeC0hAXvL+YDOSL |
196 |
zotuT3gETYCTnpc5xqOjkEWSSW7dHT6aA2PeXqmcNukPo4UpfJEKz06KEu7lUpER |
197 |
nlWiPGL/XyxlVRB2LLNHyCHlX3dYQvZeVCXs1MFbKB1XMwNpQthWAzaJ+4ADKGVN |
198 |
vd2IeByviivdkNQCc5nby6jHFZlMUiWdJJLJfdb0G39Hz2wHCXD8Crx4leqDvV3e |
199 |
5OethLFq/QMV3D9gPnwMr7JWVisEAIJzCXeCyNbFnhQuA3bp9ZP6rFd8ndwt3Xzm |
200 |
fQMoTjdZE279qbMbv4mrXer7/4+rIs0wPK88Bqd31HediQgsvKgHNnVx4z9gUIrn |
201 |
O/rdGsV8vg9EA6bLTWBNkvXCJ38eh+8n583CXzy1FEC5esUa2y7o4iZ8MrPzUw2A |
202 |
+Cc7ovSnk+bvj/XXG2ptbCC4tltuJcwFg4r+QjGEXVEpAqfh/4zgYQUIKta1ff2a |
203 |
f72vvZPkR4MNC3tznWSS9SWVQL27RAzDqb4qWnRpj/sggwLcCDlYNH4WLCETkao3 |
204 |
G+lBZsQmmtyvyYpkrxV6 |
205 |
=VFTg |
206 |
-----END PGP SIGNATURE----- |