Gentoo Archives: gentoo-project

From: Michael Orlitzky <mjo@g.o>
To: gentoo-project@l.g.o
Subject: Re: [gentoo-project] [RFC] New project: GURU [Gentoo User Repository, Unreviewed]
Date: Sun, 03 Feb 2019 22:37:55
In Reply to: [gentoo-project] [RFC] New project: GURU [Gentoo User Repository, Unreviewed] by "Michał Górny"
On 2/3/19 2:28 PM, Michał Górny wrote:
> What do you think?
I'd like to give two conflicting answers, and maybe answer Kristian's question as well.

Answer 1: Every day we hear about some ridiculous security problem with the other repositories of this type (Google's Play store, the NPM repository, etc.). These are all an embarrassment to the organizations that run them because the fact that their names are attached to the repository is an implicit endorsement of its content. Putting the "Gentoo" name on this is a bad idea. No matter how you dress it up, this repository will be a collection of dangerous code uploaded by complete strangers that our users will download and run as root. That fact is not obvious to everyone, and we do a disservice to them by hand-waving away the reality of the matter.

Answer 2: Despite how stupid it is, people do this already. The only difference is, right now they download untrusted code from a hundred different strangers in ten different overlays to accomplish the same thing. Putting these ebuilds all in one "official" overlay would prevent people from duplicating effort, and provide a central place for junk ebuilds to mature without the developer bottleneck getting in the way. Perhaps it will even spur collaboration, and encourage people to read the devmanual because those skills can immediately be put to use.

For a long time, I've wanted a third level of stability:

a) Stable
b) Unstable
c) I'm an idiot, break my system

Having the third option lets you get things out the door and into the hands of users who are able to test them (after acknowledging the risks) much faster. I guess this repository fills a similar void.

But, we need some sort of oversight or keyword control. Otherwise, if everything is ~arch, some asshole is going to create a new account every day and submit a hacked -r28976 of something in @system that will immediately be installed on everyone's machines. Maybe this motivates adding stability level (c) after all, for the user repo? And then it would be available to developers as well. Food for thought.