| 1 |
On Tue, Nov 09, 2004 at 08:53:21PM -0800 or thereabouts, Chris Haumesser wrote: |
| 2 |
> Devs, what have you to lose by helping us do this? I don't think I |
| 3 |
> understand the resistance, outside of the emotional reaction triggered |
| 4 |
> by this thread's initiator. |
| 5 |
|
| 6 |
The original fix suggested won't work for a number of reasons that I'm not |
| 7 |
going to bother to re-hash here. I did suggest an alternate solution that |
| 8 |
I think is going to work and Peter has agreed to write the code to |
| 9 |
implement it. |
| 10 |
|
| 11 |
This entire thread has been very demotivating to me as a Gentoo developer. |
| 12 |
Please keep in mind that I donate my time because I enjoy what I do. I |
| 13 |
think it's safe to say that all of the other developers share that same |
| 14 |
motivation. If you take the enjoyment out of developing Gentoo, it's going |
| 15 |
to die off rather quickly. |
| 16 |
|
| 17 |
You can't expect to be placed on the same pedestal that a commercial vendor |
| 18 |
will place you on because you, as a user, aren't providing the same value |
| 19 |
(money) that you do in a traditional commercial transaction. Quite |
| 20 |
frankly, a lot of the users out there are leeches who don't provide |
| 21 |
anything back to the Gentoo community, but consume our software |
| 22 |
nonetheless. That's fine -- I don't begrudge them because I do what I do |
| 23 |
because I enjoy it. So, when taking a stand on what you feel to be an |
| 24 |
important issue, keep this in mind: It does not matter if you are morally |
| 25 |
right. It does not matter if the issue is serious. If you take the fun |
| 26 |
out of developing this distro, Gentoo will die, period. |
| 27 |
|
| 28 |
Anyway, enough preaching. This thread has gone on long enough. The |
| 29 |
solution that's been agreeed upon is signing the daily snapshots that we |
| 30 |
provide for users who can't use rsync. (/snapshots directory on your |
| 31 |
favorite source mirror) |
| 32 |
|
| 33 |
This provides the ability to verify the integrity of every single file |
| 34 |
under /usr/portage/ and requires very little changes to our existing |
| 35 |
infrastructure. emerge-webrsync will be hacked up to provide verification |
| 36 |
support for it. I don't have any commitments from the portage devs that |
| 37 |
these changes will be included (emerge-webrsync is part of portage) so this |
| 38 |
may end up being an unsupported, use-at-your-own-risk solution. It does |
| 39 |
not take away from or alter the plans to implement a much better, more |
| 40 |
robust verification solution in portage itself. |
| 41 |
|
| 42 |
--kurt |
| 43 |
|
| 44 |
P.S. I do not want anyone to think that this solution is being implemented |
| 45 |
because of the bitching and screaming that occurred. If someone had posted |
| 46 |
a message to the list before all this broke out suggesting this solution |
| 47 |
and volunteering to write the code for it, it would be in place by now. |
| 48 |
That's another way of saying that we didn't have to go through all this |
| 49 |
unpleasantness... |
Archives