On Fri, Jun 09, 2006 at 07:44:38AM -0400, Peter wrote:
> Firstly, I think it is very clear that anything in sunrise is experimental
> or not supported in the main gentoo tree. That's fine! I don't think any
> user who goes through the trouble to set up an overlay would miss that
> point. You can't go to o.g.o and not see the disclaimers. And, anyone who
> goes through the trouble to svn the overlay, edit make.conf, etc., would
> not be an ignorant newbie (no disrespect to newbies intended). Anyone who
> fetches the sunrise overlay would know exactly what he/she intends to do
> and why. Much different than emerge --sync with keyword x86.

According to other mails in this thread, it will be possible to use
the overlay through layman - no need for a complicated svn checkout
process.

> Secondly, my bias against a third party repository is perhaps unwarranted.
> I am sure the bmg site is excellent and the people running it are
> well-intentioned and experienced. However, that said, as a user, I have a
> higher comfort level staying in the gentoo.realm.

Care to explain why you have a higher comfort of staying in the gentoo
realm? I ask since I'm afraid it's due to a false sense of security.

> Thirdly, the opportunity to be able to publish ebuilds that would
> otherwise languish in bugzilla is very exciting. I think it also gives the
> bugday people an opportunity to close out bugs. Despite what others have
> written, having multi-year old bugs is very counter productive. If
> something has not been fixed in so long, it probably either can't be
> fixed, or may not even apply anymore. I know this is a generalization, but
> if a bug was filed against gentoo 2004.3, who knows if it still applies
> with gentoo 2006.0. Especially if there has been little or no activity.

We're not talking about bugs per se here - we're talking about
enhancement requests for new ebuilds. No bugs should be closed simply
because an ebuild from the bug is included in the sunrise
overlay. Until the ebuild is included in portage proper, the
enhancement request still stands.

> Personally, I don't see the conflict, or the risk, or the additional work
> for devs. In fact, I see the opposite. Removing maintainer-wanted bugs is
> a net positive. If that means the proposed ebuild lives in o.g.o that's
> fine. Just point users who see the bug over to it. And, if an ebuild
> proves to be useful, or popular, it's conceivable that it could ultimately
> find its way over to the main tree.

Again, the bugs won't be removed - the ebuilds will simply be mirrored
in the sunrise project (please correct me if I am wrong here).

> As for the more sinister aspects of a rogue ebuild finding its way onto
> o.g.o, sure that's a possibility. However, any dev could do the same in
> portage because they have commit access (and the problem may not be
> caught right away). Moreover, it's possible that an ebuild may be fine,
> but a particular version of a package tarball could have outright
> malicious code or an undetected security hole in it that has not been
> caught yet. That could find its way onto portage too. IMHO, I don't see
> any more risk to security in o.g.o.

Except that when a Gentoo developer intends to add a new package to
the tree they're supposed to do QA on the package and the ebuild. Many
herds also use peer review for this. As every Gentoo developer knows,
this is a very time consuming task. A task for which we are already
understaffed as it is.

I fail to see how a new parallel portage tree with contributions from
people inexperienced in writing ebuilds and reviewing packages can be
reviewed and supported by only a handful of Gentoo developers, who
also have no experience with the packages in question.

> Again, I think you need to consider your audience for o.g.o. The newbie
> won't be there or be syncing to o.g.o. The server admin probably would not
> be there either for updating a production machine. I think the main
> audience for o.g.o. would be the power user, or the wannabe power user or
> certain project teams, or people with a particular interest or need in a
> project not hosted on the main tree -- that is people who actively need
> sunrise's services.

Perhaps. No one really knows how many newbies or experienced users
will use the sunrise project, not you - not I.

But I do fear that many of our end-users will use it, or at least, use
parts of it. As previously stated, I fear that the quality of the
parallel tree will not live up to the standards of the main tree,
causing the reputation of Gentoo as a whole to degrade to the
reputation as a "ricer" distribution which we have worked so hard on
eliminating in the past couple of years.

Therefore I'd rather see the project hosted on third party servers
(e.g. gentoo-sunrise.org) to avoid having it automatically seen as an
officially endorsed Gentoo repository by end-users/upstream developers
to begin with. If the Gentoo developers and contributors involved
succeed in proving that this indeed is a good idea, and that it indeed
does not hurt the reputation of Gentoo as a whole, we can then
consider moving the project back on gentoo.org and make it official.

Regards,
Brix
-- 
Henrik Brix Andersen <[EMAIL PROTECTED]>
Gentoo Metadistribution | Mobile computing herd
