| 1 |
On 2/3/19 2:28 PM, Michał Górny wrote: |
| 2 |
> |
| 3 |
> What do you think? |
| 4 |
> |
| 5 |
|
| 6 |
I'd like to give two conflicting answers, and maybe answer Kristian's |
| 7 |
question as well. |
| 8 |
|
| 9 |
Answer 1: |
| 10 |
|
| 11 |
Every day we hear about some ridiculous security problem with the other |
| 12 |
repositories of this type (Google's Play store, the NPM repository, |
| 13 |
etc.) These are all an embarrassment to the organizations that run them |
| 14 |
because the fact that their names are attached to the repository is an |
| 15 |
implicit endorsement of its content. |
| 16 |
|
| 17 |
Putting the "Gentoo" name on this is a bad idea. No matter how you dress |
| 18 |
it up, this repository will be a collection of dangerous code uploaded |
| 19 |
by complete strangers that our users will download and run as root. That |
| 20 |
fact is not obvious to everyone, and we do a disservice to them by |
| 21 |
hand-waving away the reality of the matter. |
| 22 |
|
| 23 |
|
| 24 |
Answer 2: |
| 25 |
|
| 26 |
Despite how stupid it is, people do this already. The only difference |
| 27 |
is, right now they download untrusted code from a hundred different |
| 28 |
strangers in ten different overlays to accomplish the same thing. |
| 29 |
Putting these ebuilds all in one "official" overlay would prevent people |
| 30 |
from duplicating effort, and provide a central place for junk ebuilds to |
| 31 |
mature without the developer bottleneck getting in the way. Perhaps it |
| 32 |
will even spur collaboration, and encourage people to read the devmanual |
| 33 |
because those skills can immediately be put to use. |
| 34 |
|
| 35 |
For a long time, I've wanted a third level of stability: |
| 36 |
|
| 37 |
a) Stable |
| 38 |
b) Unstable |
| 39 |
c) I'm an idiot, break my system |
| 40 |
|
| 41 |
Having the third option lets you get things out the door and into the |
| 42 |
hands of users who are able to test them (after acknowledging the risks) |
| 43 |
much faster. I guess this repository fills a similar void. |
| 44 |
|
| 45 |
But, we need some sort of oversight or keyword control. Otherwise, if |
| 46 |
everything is ~arch, some asshole is going to create a new account every |
| 47 |
day and submit a hacked -r28976 of something in @system that will |
| 48 |
immediately be installed on everyone's machines. Maybe this motivates |
| 49 |
adding stability level (c) after all, for the user repo? And then it |
| 50 |
would be available to developers as well. Food for thought. |
Archives