1 |
On Tue, Nov 09, 2004 at 08:53:21PM -0800 or thereabouts, Chris Haumesser wrote: |
2 |
> Devs, what have you to lose by helping us do this? I don't think I |
3 |
> understand the resistance, outside of the emotional reaction triggered |
4 |
> by this thread's initiator. |
5 |
|
6 |
The original fix suggested won't work for a number of reasons that I'm not |
7 |
going to bother to re-hash here. I did suggest an alternate solution that |
8 |
I think is going to work and Peter has agreed to write the code to |
9 |
implement it. |
10 |
|
11 |
This entire thread has been very demotivating to me as a Gentoo developer. |
12 |
Please keep in mind that I donate my time because I enjoy what I do. I |
13 |
think it's safe to say that all of the other developers share that same |
14 |
motivation. If you take the enjoyment out of developing Gentoo, it's going |
15 |
to die off rather quickly. |
16 |
|
17 |
You can't expect to be placed on the same pedestal that a commercial vendor |
18 |
will place you on because you, as a user, aren't providing the same value |
19 |
(money) that you do in a traditional commercial transaction. Quite |
20 |
frankly, a lot of the users out there are leeches who don't provide |
21 |
anything back to the Gentoo community, but consume our software |
22 |
nonetheless. That's fine -- I don't begrudge them because I do what I do |
23 |
because I enjoy it. So, when taking a stand on what you feel to be an |
24 |
important issue, keep this in mind: It does not matter if you are morally |
25 |
right. It does not matter if the issue is serious. If you take the fun |
26 |
out of developing this distro, Gentoo will die, period. |
27 |
|
28 |
Anyway, enough preaching. This thread has gone on long enough. The |
29 |
solution that's been agreeed upon is signing the daily snapshots that we |
30 |
provide for users who can't use rsync. (/snapshots directory on your |
31 |
favorite source mirror) |
32 |
|
33 |
This provides the ability to verify the integrity of every single file |
34 |
under /usr/portage/ and requires very little changes to our existing |
35 |
infrastructure. emerge-webrsync will be hacked up to provide verification |
36 |
support for it. I don't have any commitments from the portage devs that |
37 |
these changes will be included (emerge-webrsync is part of portage) so this |
38 |
may end up being an unsupported, use-at-your-own-risk solution. It does |
39 |
not take away from or alter the plans to implement a much better, more |
40 |
robust verification solution in portage itself. |
41 |
|
42 |
--kurt |
43 |
|
44 |
P.S. I do not want anyone to think that this solution is being implemented |
45 |
because of the bitching and screaming that occurred. If someone had posted |
46 |
a message to the list before all this broke out suggesting this solution |
47 |
and volunteering to write the code for it, it would be in place by now. |
48 |
That's another way of saying that we didn't have to go through all this |
49 |
unpleasantness... |