On Saturday 24 June 2006 18:54, Edward Catmur wrote:
> * Security (from malicious contributors): Glad to see layman will only
> track the reviewed/ tree; still, anyone who checks out the sunrise/ tree
> (and has it in PORTDIR_OVERLAY) is vulnerable.
>
> - Remove from the examples any suggestion that one should check out the
> whole tree when contributing. Point out that one should not svn up
> sunrise/ as part of updating Portage.

valid point i think

i've never admined svn repos before, but would it be possible to shut off anon access to the non-reviewed tree? i think that would cover this issue as people who get bit by bugs in the non-reviewed tree would (and should) be able to just go in and fix it themselves :)

> * Conflicts between contributors (social): Alice adds an ebuild; Bob
> makes a (maybe "obvious") change; Alice thinks the change is incorrect,
> and, feeling that the ebuild is her property, reverts the change. A
> revert war erupts. Many casualties.
>
> - Create a social structure to enable Alice and Bob to communicate and
> resolve their differences of opinion. Forums? Wiki? IRC? Bugzilla? I
> would argue there should be One True location for this to occur; /not/
> bugzilla (bugspam); /not/ IRC (impermanence).

revert wars are retarded on the base level. if people are unable to solve issues via communication channels, i'd say just toss the people involved and the material in question.

-mike