* Alex Alexander schrieb am 22.07.11 um 13:30 Uhr: > On Fri, Jul 22, 2011 at 14:21, Marc Schiffbauer <msch...@gentoo.org> wrote: > > Am Freitag, 22. Juli 2011, 14:50:06 schrieb Maxim Koltsov: > >> Hi devs, > >> I'm about to add Leechcraft modular internet client to tree. It has 32 > >> packages and uses it's own eclass. Please review it and allow me to > >> commit it to the tree. > >> Also i'd want to ask: is it woth to add new category (e.g. > >> leechcraft-plugins) to simplify managing leechcraft ebuilds. And the > >> last question: is it good to add 9999 versions for all ebuilds too? > > > > IMO live ebuilds should only be held in an overlay. > > > > -Marc > > 9999 versions are nice, but they typically require more time and > effort to maintain. I'd recommend adding them only if you are willing > to do the work. Sometimes 9999 ebuilds are useful as a way to prepare > for the next release.
Yes, but the big drawback is that you do not have any checksums of the source. So if for example an upstream source code gets exploited you will never notice until the trojan or whatever got in there will do something. Sure this can happen with normal tarballs too, but is much more unlikely and can only happen if the source is already bad at the time of "repoman manifest". -Marc -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
pgpiMgjqTV4DQ.pgp
Description: PGP signature