On Tue, Jun 17, 2008 at 04:09:17PM -0700, Stephen Hahn wrote: > I would expect > to take other contributions using a process like > > 0. Claim package from a list, or otherwise advertise, so that > duplicate work is avoided. You can also deliver your own > OSS/redistributable software via this repository, subject to #4 > below.
> 1. Get package to build and install on OpenSolaris 2008.05. > 2. Run a private depot. Use pkgsend open, pkgsend import, pkgsend > close to create a package in your private depot. > 3. Either send us the URL to your private depot (running in readonly > mode if public!), or use pkgrecv and GNU tar to collect your > package in transaction form--and send us a URL to that file. > > 4. The /contrib project members will vote on inclusion, based on > following best practices on naming and metadata. If you like, the > project can revise your metadata for completeness, or you can > update your proposed package based on that review. Some concerns about this process. I love the fact that the barrier to entry is so low. But this also means that it would be trivial to submit a package with a rootkit or a backdoor and have it hosted on opensolaris.org. I find third-party contributors directly submitting binaries a scary prospect. The best option, IMO, would be to have them submit patches and build recipes (which are much more easily vetted) and have the actual build carried out by the /contrib project. Going the SFE way would seem to be the best option for this. Venky. _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
