| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 11/15/2014 09:29 PM, Rich Freeman wrote: |
| 5 |
> On Sat, Nov 15, 2014 at 10:00 AM, hasufell <hasufell@g.o> |
| 6 |
> wrote: |
| 7 |
>> |
| 8 |
>> Turning it off will decrease organizational problems, make the |
| 9 |
>> distribution more focused and eventually more high quality, |
| 10 |
>> because people would be able to actually work together on the |
| 11 |
>> _core_ of gentoo (toolchain, base-system, eclasses, PM...). |
| 12 |
>> |
| 13 |
> |
| 14 |
> Having fewer people maintaining packages will not make more people |
| 15 |
> work on toolchain, base-system, eclasses, portage, etc. |
| 16 |
> |
| 17 |
> If somebody is actively contributing to something in critical need |
| 18 |
> such as one of those I'd certainly encourage the recruiters to |
| 19 |
> prioritize their application. However, turning away help |
| 20 |
> elsewhere won't help us out. |
| 21 |
> |
| 22 |
> I'd suggest moving forward with building the new before getting rid |
| 23 |
> of the old. |
| 24 |
> |
| 25 |
|
| 26 |
I'm not saying you should agree with me, but I get the feeling you |
| 27 |
didn't get the idea. I'm also answering to the other mail from |
| 28 |
Matthias Dahl in here. |
| 29 |
|
| 30 |
To reiterate, more gentoo _core_ developers also means: |
| 31 |
* more different opinions |
| 32 |
* less focus |
| 33 |
* more bikeshed |
| 34 |
* more conflict |
| 35 |
* less work done? |
| 36 |
|
| 37 |
|
| 38 |
People cannot easily group around an idea in gentoo and just start |
| 39 |
hacking on it, because: |
| 40 |
* although we have overlays, gentoo isn't designed to be very modular |
| 41 |
* it's tools are not fit for more abstract approaches |
| 42 |
* some non-core ideas/projects are already implemented in the main |
| 43 |
tree (more or less) which are sometimes disconnected from the |
| 44 |
community and may block progress and explicitly conflict (also on the |
| 45 |
ebuild level, very tedious to handle) with other approaches |
| 46 |
* it's a monolithic all-in-one distro, so anyone who likes the core of |
| 47 |
the distro, but wants to build extensions around it has to effectively |
| 48 |
do a full fork. Full forks are less likely, so we are not giving too |
| 49 |
much room for experiments, enhancements and totally new ideas. Sure, |
| 50 |
there are a few of that kind, but it took considerable effort for |
| 51 |
these. Instead, it should be made easy... and we should try to learn |
| 52 |
from such experiments. I don't see that happening much. |
| 53 |
|
| 54 |
As was already pointed out: quite a lot of gentoo projects are already |
| 55 |
moving very slowly in that very direction. They are mainly working on |
| 56 |
themed github hosted overlays with frequent user contributions. |
| 57 |
|
| 58 |
I may know more about ebuild writing than some community users, but it |
| 59 |
often happens that they know way more about actual packages than me. |
| 60 |
They rarely find the way to contribute through all these tedious |
| 61 |
barriers we put up for them (bugzilla, cvs, getting your social status |
| 62 |
before you can actually get stuff done)... which does NOT improve |
| 63 |
ebuild quality. |
| 64 |
|
| 65 |
We are imposing a workflow on people, although that workflow might |
| 66 |
just be wrong in general or in certain cases. |
| 67 |
That's why some gentoo projects have already a dual-workflow. Why not |
| 68 |
make it more open? |
| 69 |
|
| 70 |
You may say "it is open", really? Our main channel is GLEPs (uagh), |
| 71 |
users rarely participate on gentoo dev ML. |
| 72 |
|
| 73 |
You may say "we already allow conflicting ideas". Well yes, that's |
| 74 |
part of the problem! We allow conflicting projects/ideas in ONE |
| 75 |
repository That part of the GLEP never got into my head, and I know |
| 76 |
why. It's not the way to get diversity and interesting experiments... |
| 77 |
by giving only one box to 200 people and tell them you may practically |
| 78 |
do what you want. It just leads to inconsistencies, fights and a big |
| 79 |
mess, because we didn't care about proper abstraction, but about |
| 80 |
implementing our diverse, but specific ideas right now. |
| 81 |
No, you'd rather give everyone the same box and tell him he may do |
| 82 |
with that as he wants. He may find out there are other people with the |
| 83 |
exact same ideas, so there goes. |
| 84 |
|
| 85 |
|
| 86 |
So the idea is the following: |
| 87 |
* stop recruiting |
| 88 |
* move clearly themed overlays/projects out of the tree which are |
| 89 |
already practically working outside of the tree (e.g. science, |
| 90 |
haskell, ...) |
| 91 |
* fix the tools (never ending git story, probably a lot of work needed |
| 92 |
on the overlay support front etc) |
| 93 |
* focus on the core of gentoo as in: provide abstraction, tools and |
| 94 |
the basic structure for people to do cool things. Right now we are |
| 95 |
just focussing on keeping the ebuild machinery going, while the rest |
| 96 |
pretty much goes downhill. Fast. |
| 97 |
* be more open, work more with the community, not just through bugzilla |
| 98 |
* review overlays, contribute to overlays |
| 99 |
* have a list of high-quality overlays, maybe with a few notes about |
| 100 |
them (is it themed? does it conflict with stuff?) |
| 101 |
* I can't hold it but say: make ebuilds suck less, so people enjoy |
| 102 |
contributing |
| 103 |
|
| 104 |
|
| 105 |
But... what about quality? |
| 106 |
Well, IMO we have lots of very poor-quality ebuilds in our tree. Not |
| 107 |
just in overlays. That's because it's still hard to contribute, so a |
| 108 |
small number of people have to do a LOT of work (as in: actually |
| 109 |
writing the ebuilds) and we have no review workflow. |
| 110 |
People who are so experienced with ebuilds like gentoo old timers with |
| 111 |
5+ years of experience probably shouldn't write ebuilds AT ALL. Their |
| 112 |
time is better spent just reviewing ebuilds, either by request or just |
| 113 |
to check the quality of an overlay. |
| 114 |
|
| 115 |
Doing things a bit more distributed will rather improve ebuild |
| 116 |
quality, as long as we have some sort of review culture. So that's |
| 117 |
something for the community to chew as well. But that already works in |
| 118 |
some cases. We see it happening. |
| 119 |
I know AUR and I think it's terrible, because I've been an arch linux |
| 120 |
user for 2 years. So that's something we have to avoid and learn from |
| 121 |
if we try to go into this direction. |
| 122 |
|
| 123 |
|
| 124 |
But... what about security? |
| 125 |
That's a more delicate matter, yeah. I can understand the concerns, |
| 126 |
but lets start with this question first: |
| 127 |
Why do you trust ME? You don't know anything about me. All you know is |
| 128 |
that I probably didn't mess up too hard for the last 2 years and that |
| 129 |
I regularly sign my Manifests/commits. |
| 130 |
Well, a lot of overlay maintainers do as well (I once asked the |
| 131 |
tox-overlay maintainers to gpg sign their commits and so they did). |
| 132 |
So IMO it just boils down to community reputation and verifiable |
| 133 |
authorship. Why care then if the guy committing is an actual "gentoo |
| 134 |
dev" if his reputation is good? |
| 135 |
|
| 136 |
Besides that... webapps in gentoo are in terrible shape (not blaming |
| 137 |
anyone... tried to write such ebuilds myself, it can be awfully |
| 138 |
complex). I'm running a gentoo server myself and I ended up installing |
| 139 |
a lot of web apps directly from git repositories instead of the |
| 140 |
in-tree packages. It would probably be interesting if a group from the |
| 141 |
community will step up and clear these things out with the help of a |
| 142 |
few gentoo devs. Or maybe a company will be interested in maintaining |
| 143 |
a high-quality overlay of server tools and webapps? Why not? There are |
| 144 |
already companies recruiting for gentoo experienced people and using |
| 145 |
gentoo for servers. So why not do that? |
| 146 |
|
| 147 |
What's more important on the security side is a different thing imo: |
| 148 |
* our GLSA channels. They will not be obsoleted by any of these ideas. |
| 149 |
* tools like glsa-check |
| 150 |
* high responsiveness (in my experience a lot of overlay maintainers |
| 151 |
are faster with fixing vulnerable packages than we are, but yeah... |
| 152 |
this will also require more communication) |
| 153 |
|
| 154 |
Also... no one is saying we have to remove apache from the list of |
| 155 |
core packages. |
| 156 |
|
| 157 |
|
| 158 |
So... why do it this way? |
| 159 |
Because a lot of successful projects exactly operate like that. |
| 160 |
Including VERY big projects: have a very limited number of core |
| 161 |
developers who make the core decisions and have a strong focus. Then |
| 162 |
have the community input and openness to get influenced both by code |
| 163 |
and ideas while still allowing people to easily deviate from some |
| 164 |
ideas, because we keep to the core. |
| 165 |
|
| 166 |
I don't think we are "community-driven", just because we keep adding |
| 167 |
community members to our "ranks". Community-driven means for me that |
| 168 |
there is a very strong connection and communication between the core |
| 169 |
developers and the community. |
| 170 |
Most of the time... this doesn't ever happen and decisions are made on |
| 171 |
our dev ML which is mostly bikeshed between gentoo devs! |
| 172 |
|
| 173 |
In addition, if we focus on the core... we don't even have to make |
| 174 |
that many decisions any more. |
| 175 |
|
| 176 |
This really requires a shift of thinking and I honestly don't expect |
| 177 |
that to happen. |
| 178 |
But it's something that is happening around as and seems to work out |
| 179 |
quite well (latest example is NixOS, without wanting to talk about |
| 180 |
their technical decisions). |
| 181 |
Some distros have programs to analyse these projects and try to |
| 182 |
integrate some of those ideas into their own. |
| 183 |
|
| 184 |
But I'm not really interested in fighting the decisions other people |
| 185 |
made about gentoo ~10 years ago and write 55 GLEPs to change |
| 186 |
something. I'd rather spend my time improving overlays or find people |
| 187 |
(in gentoo) who think similar. |
| 188 |
-----BEGIN PGP SIGNATURE----- |
| 189 |
Version: GnuPG v2.0 |
| 190 |
|
| 191 |
iQJ8BAEBCgBmBQJUaUAGXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w |
| 192 |
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMDlCNDQ4NjEyNDI4NjA5REVEMDI3MzIy |
| 193 |
MjBDRDFDNUJERUVEMDIwAAoJECIM0cW97tAgq6UP/ioha93yY/F/ryh8XH7mkymB |
| 194 |
Wjwn4+L1mAV/i9YD8J70IpcbPKRmj3QQItcFVCPb8mLGFCdOr4G2LoVhRObH10IE |
| 195 |
jqJC4QvyNL9chvsRSHvPWyFUkVGSqcgT/SlhPmtsuJt2EvSglEeC0hAXvL+YDOSL |
| 196 |
zotuT3gETYCTnpc5xqOjkEWSSW7dHT6aA2PeXqmcNukPo4UpfJEKz06KEu7lUpER |
| 197 |
nlWiPGL/XyxlVRB2LLNHyCHlX3dYQvZeVCXs1MFbKB1XMwNpQthWAzaJ+4ADKGVN |
| 198 |
vd2IeByviivdkNQCc5nby6jHFZlMUiWdJJLJfdb0G39Hz2wHCXD8Crx4leqDvV3e |
| 199 |
5OethLFq/QMV3D9gPnwMr7JWVisEAIJzCXeCyNbFnhQuA3bp9ZP6rFd8ndwt3Xzm |
| 200 |
fQMoTjdZE279qbMbv4mrXer7/4+rIs0wPK88Bqd31HediQgsvKgHNnVx4z9gUIrn |
| 201 |
O/rdGsV8vg9EA6bLTWBNkvXCJ38eh+8n583CXzy1FEC5esUa2y7o4iZ8MrPzUw2A |
| 202 |
+Cc7ovSnk+bvj/XXG2ptbCC4tltuJcwFg4r+QjGEXVEpAqfh/4zgYQUIKta1ff2a |
| 203 |
f72vvZPkR4MNC3tznWSS9SWVQL27RAzDqb4qWnRpj/sggwLcCDlYNH4WLCETkao3 |
| 204 |
G+lBZsQmmtyvyYpkrxV6 |
| 205 |
=VFTg |
| 206 |
-----END PGP SIGNATURE----- |
Archives