Rick Zero_Chaos Farina schrieb:
On 08/31/2013 03:57 PM, Tom Wijsman wrote:
On Sat, 31 Aug 2013 20:45:00 +0200
Pacho Ramos pa...@gentoo.org wrote:
El sáb, 31-08-2013 a las 12:37 -0400, Rick Zero_Chaos Farina
escribió: [...]
I know we are a little OT here but the fifth type of recruit is
On 09/01/2013 12:30 PM, Thomas Sachau wrote:
they dont search for recruits
why not?
On 1 September 2013 11:42, hasufell hasuf...@gentoo.org wrote:
On 09/01/2013 12:30 PM, Thomas Sachau wrote:
they dont search for recruits
why not?
Will you please ready Thomas e-mail again as a whole? You only
extract a single sentence
and you redirect the other part of it to /dev/null.
We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/21/2013 05:13 AM, Tom Wijsman wrote:
On Wed, 21 Aug 2013 12:32:35 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a hard task; so, the suggestions I am doing
are assuming that that
On Sat, 31 Aug 2013 12:37:58 -0400
Rick \Zero_Chaos\ Farina zeroch...@gentoo.org wrote:
I know we are a little OT here but the fifth type of recruit is
Yes.
someone who is very excited, very dedicated, and completely unable to
find a mentor. That is where I was for a long time, no one
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 31 Aug 2013 12:37:58 -0400
Rick \Zero_Chaos\ Farina zeroch...@gentoo.org wrote:
I know we are a little OT here but the fifth type of recruit is
someone who is very excited, very dedicated, and completely unable to
find a mentor. That is
On Sat, 31 Aug 2013 19:29:30 +0200
Jeroen Roovers j...@gentoo.org wrote:
someone who is very excited, very dedicated, and completely unable
to find a mentor. That is where I was for a long time, no one
seemed to have the time to mentor me.
Your recruitment bug disagrees with you here in
El sáb, 31-08-2013 a las 12:37 -0400, Rick Zero_Chaos Farina escribió:
[...]
I know we are a little OT here but the fifth type of recruit is someone
who is very excited, very dedicated, and completely unable to find a
mentor. That is where I was for a long time, no one seemed to have the
time
On Sat, 31 Aug 2013 20:45:00 +0200
Pacho Ramos pa...@gentoo.org wrote:
El sáb, 31-08-2013 a las 12:37 -0400, Rick Zero_Chaos Farina
escribió: [...]
I know we are a little OT here but the fifth type of recruit is
someone who is very excited, very dedicated, and completely unable
to find a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/31/2013 01:29 PM, Jeroen Roovers wrote:
On Sat, 31 Aug 2013 12:37:58 -0400
Rick \Zero_Chaos\ Farina zeroch...@gentoo.org wrote:
I know we are a little OT here but the fifth type of recruit is
Yes.
someone who is very excited, very
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/31/2013 03:57 PM, Tom Wijsman wrote:
On Sat, 31 Aug 2013 20:45:00 +0200
Pacho Ramos pa...@gentoo.org wrote:
El sáb, 31-08-2013 a las 12:37 -0400, Rick Zero_Chaos Farina
escribió: [...]
I know we are a little OT here but the fifth type of
On Tue, 2013-08-20 at 16:12 -0400, Michael Orlitzky wrote:
# Redmine
=dev-ruby/builder-3.1.4 ~amd64
=dev-ruby/rails-3.2.13 ~amd64
Ok, this one is ridiculous. The stable version of Rails is 2.3.18, and
3.0 was released almost exactly three years ago. Every time rails-3.x
gets bumped, I
On 20/08/2013 22:25, Tom Wijsman wrote:
On Tue, 20 Aug 2013 22:00:52 +0200
Alan McKinnon alan.mckin...@gmail.com wrote:
As a long time user and citizen of -user I can tell you what the
general feeling of arch vs ~arch there is:
Thanks for jumping into the discussion.
arch has plenty
On Aug 20, 2013, at 11:19 AM, William Hubbs willi...@gentoo.org wrote:
My question is, how can we improve our stabilization procedures/policies
so we can convince people not to run production servers on ~arch and
keep the stable tree more up to date?
do the Arch Linux thing…keep just one
On 21/08/2013 03:54, Doug Goldstein wrote:
Its also precisely that mix and match that might cause instability due
to people not testing things. Case in point QEMU 1.6.0 just came out and
it went through a number of release candidates but no one ever saw that
it depends only on Python 2.4 but
20.08.2013 22:28, Ian Stakenvicius пишет:
I see a few issues with ~arch - table migrations:
#1 - things just sit in ~arch. The auto-stablereq script should help
with this one I think; we should give it some time to see if it works out.
My personal opinion on this - there is some package,
20.08.2013 23:48, Tom Wijsman пишет:
Yes, +1; last time this came up on chat, I asked whether it would be a
nice idea to have something between stable and ~, what you propose
sounds similar and might make sense. Though, on the other hand, doing
it this way we don't get the advantages that
20.08.2013 23:42, Tom Wijsman пишет:
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp wyatt@gmail.com wrote:
What manner of bitrot?
They might ...
2. ... contain security bugs that later versions have fixed.
There should be security bug on our bugzilla with quick stabilization on
it
21.08.2013 00:06, Tom Wijsman пишет:
On Tue, 20 Aug 2013 15:41:42 -0400
Rich Freeman ri...@gentoo.org wrote:
Let me dig up an example...
Our last sys-kernel/gentoo-sources stabilization was 3 months ago:
I don't really see a problem with stable package being all of 3 months
old.
21.08.2013 00:00, Alan McKinnon пишет:
Hey, maybe you guys are doing your job in ~arch *too well*, to your own
detriment :-) Something to consider?
~arch should not break every day, yeah(we have hardmasked for that :-P),
but it means that breakages are ALLOWED and it is NORMAL if they are not
On Wed, 21 Aug 2013 11:54:48 +0400
Sergey Popov pinkb...@gentoo.org wrote:
by some other ways(e.g., recruiting people).
Recruiting shows to be a hard task; so, the suggestions I am doing are
assuming that that doesn't work out. In which case, I wonder what by
some other ways you would think
On Wed, 21 Aug 2013 11:57:22 +0400
Sergey Popov pinkb...@gentoo.org wrote:
20.08.2013 23:42, Tom Wijsman пишет:
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp wyatt@gmail.com wrote:
What manner of bitrot?
They might ...
2. ... contain security bugs that later versions have
21.08.2013 12:17, Tom Wijsman пишет:
On Wed, 21 Aug 2013 11:57:22 +0400
Sergey Popov pinkb...@gentoo.org wrote:
20.08.2013 23:42, Tom Wijsman пишет:
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp wyatt@gmail.com wrote:
What manner of bitrot?
They might ...
2. ... contain security
On Wed, 21 Aug 2013 12:07:16 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 00:06, Tom Wijsman пишет:
On Tue, 20 Aug 2013 15:41:42 -0400
Rich Freeman ri...@gentoo.org wrote:
Let me dig up an example...
Our last sys-kernel/gentoo-sources stabilization was 3 months ago:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a hard task; so, the suggestions I am doing are
assuming that that doesn't work out. In which case, I wonder what by
some other ways you would think of...
Dropping some keywords to unstable on minor arches. And about
recruiting, it is
On Tue, 20 Aug 2013 20:42:57 -0400
Rich Freeman ri...@gentoo.org wrote:
On Tue, Aug 20, 2013 at 5:03 PM, Andreas K. Huettel
dilfri...@gentoo.org wrote:
Stable implies not so often changing. If you really need newer
packages on a system that has to be rock-solid, then keyword what
you
21.08.2013 12:25, Tom Wijsman пишет:
3.10 is not a shiny new version, it has been in the Portage tree for 7
weeks now (upstream release at 2013-06-30 22:13:42 (GMT)); so, that's
almost double the time you are suggesting.
Current stabilization target(3.10.7) was added to tree:
21.08.2013 12:39, Tom Wijsman пишет:
The latest distros seemed to be just a bunch of same old stuff.
Nothing new -- nothing innovative. ~ Larry's frustration. :(
Then Larry tried Gentoo Linux. He was just impressed. ... He
discovered lots of up-to-date packages ... ~ Larry's happiness. :)
On Wed, 21 Aug 2013 12:32:35 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a hard task; so, the suggestions I am doing
are assuming that that doesn't work out. In which case, I wonder
what by some other ways you would think of...
On Wed, 21 Aug 2013 12:21:41 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:17, Tom Wijsman пишет:
On Wed, 21 Aug 2013 11:57:22 +0400
Sergey Popov pinkb...@gentoo.org wrote:
20.08.2013 23:42, Tom Wijsman пишет:
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp
Am Mittwoch, 21. August 2013, 10:39:23 schrieb Tom Wijsman:
The latest distros seemed to be just a bunch of same old stuff.
Nothing new -- nothing innovative. ~ Larry's frustration. :(
Then Larry tried Gentoo Linux. He was just impressed. ... He
discovered lots of up-to-date packages ... ~
On 08/21/2013 09:57 AM, Sergey Popov wrote:
20.08.2013 23:42, Tom Wijsman пишет:
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp wyatt@gmail.com wrote:
What manner of bitrot?
They might ...
2. ... contain security bugs that later versions have fixed.
There should be security bug on
On Wed, 21 Aug 2013 12:49:03 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:39, Tom Wijsman пишет:
The latest distros seemed to be just a bunch of same old stuff.
Nothing new -- nothing innovative. ~ Larry's frustration. :(
Then Larry tried Gentoo Linux. He was just
21.08.2013 13:28, Tom Wijsman пишет:
That is 3.10.7, not 3.10; please look into how kernel releases work,
minor releases are merely a small number of backported known fixes.
What you propose, waiting 30 days for a minor; simply doesn't work
when there are one to two minors a week, it puts us
21.08.2013 13:17, Manuel Rüger пишет:
Security team could maintain its own p.accept_keywords in profiles/ and
add testing keyworded ebuilds that fix security issues there.
Users who are interested skipping the stabilization process could link
it into their /etc/portage/p.accept_keywords
21.08.2013 13:13, Tom Wijsman пишет:
On Wed, 21 Aug 2013 12:32:35 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a hard task; so, the suggestions I am doing
are assuming that that doesn't work out. In which case, I wonder
what by
On Wed, 21 Aug 2013 13:42:56 +0400
Sergey Popov pinkb...@gentoo.org wrote:
So it is definitely NOT 7 weeks
Let me clarify this again, our last stable kernel is from 7 weeks ago.
21.08.2013 13:28, Tom Wijsman пишет:
That is 3.10.7, not 3.10; please look into how kernel releases work,
minor
On Wed, 21 Aug 2013 13:54:51 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 13:13, Tom Wijsman пишет:
On Wed, 21 Aug 2013 12:32:35 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a hard task; so, the suggestions I am
On Wed, 21 Aug 2013 13:50:22 +0400
Sergey Popov pinkb...@gentoo.org wrote:
Easing stabilization procedure makes stable more, well, unstable.
It doesn't have to be easier; it just has to be done differently, in
which way we can benefit from the users whom are actively testing it.
Currently we
El mié, 21-08-2013 a las 11:16 +0200, Tom Wijsman escribió:
[...]
That's not what I am suggesting.
It is not about bringing in new versions, but about getting rid of
OLD versions which LIKELY contain MORE security problems than you
imagine. Keeping them around for too long time isn't
On 08/21/2013 12:35 AM, Ben de Groot wrote:
On 21 August 2013 04:12, Michael Orlitzky mich...@orlitzky.com wrote:
[snip]
Ok, this one is ridiculous. The stable version of Rails is 2.3.18, and
3.0 was released almost exactly three years ago. Every time rails-3.x
gets bumped, I have to manually
On Wed, Aug 21, 2013 at 4:39 AM, Tom Wijsman tom...@gentoo.org wrote:
The latest distros seemed to be just a bunch of same old stuff.
Nothing new -- nothing innovative. ~ Larry's frustration. :(
Then Larry tried Gentoo Linux. He was just impressed. ... He
discovered lots of up-to-date
21.08.2013 14:36, Tom Wijsman пишет:
On Wed, 21 Aug 2013 13:54:51 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 13:13, Tom Wijsman пишет:
On Wed, 21 Aug 2013 12:32:35 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 12:13, Tom Wijsman пишет:
Recruiting shows to be a
21.08.2013 14:29, Tom Wijsman пишет:
On Wed, 21 Aug 2013 13:42:56 +0400
You do draw assumptions, because you don't take a look; please do:
https://bugs.gentoo.org/buglist.cgi?quicksearch=assignee%3Asecurity%40gentoo.org%20CC%3Akernel%40gentoo.org
Sort by Changed such that the newest appear
On Wed, 21 Aug 2013 16:16:53 +0400
Sergey Popov pinkb...@gentoo.org wrote:
And if you want to move stabilization checks to unqualified users,
then it is way to nowhere.
No, because there would be much more users giving feedback.
Feedback is good. But if it simple works for me without
On Wed, 21 Aug 2013 16:22:28 +0400
Sergey Popov pinkb...@gentoo.org wrote:
21.08.2013 14:29, Tom Wijsman пишет:
On Wed, 21 Aug 2013 13:42:56 +0400
You do draw assumptions, because you don't take a look; please do:
El mié, 21-08-2013 a las 14:25 +0200, Tom Wijsman escribió:
[...]
2) recruit more arch testers/arch team members;
Same point as before, let's see if that will be enough.
Well, ago has being doing a great work getting more Arch Testers (at
least for amd64), maybe some of them could give the
On Wed, Aug 21, 2013 at 5:50 AM, Sergey Popov pinkb...@gentoo.org wrote:
As i said earlier, we should recruit more people - then problem will go
away.
This is a point most of the people in this thread seem to be dancing
around that's sort of problematic. You can talk about recruiting
until
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 21/08/13 08:36 AM, Tom Wijsman wrote:
Given the kernel volume, I think even CVE's don't cover
everything...
Kernel is really a special case here, imo -- emerge doesn't install
kernels, it just provides their sources. End-users still need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 21 Aug 2013 10:27:51 -0400
Ian Stakenvicius a...@gentoo.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 21/08/13 08:36 AM, Tom Wijsman wrote:
Given the kernel volume, I think even CVE's don't cover
everything...
On Wed, Aug 21, 2013 at 10:27 AM, Ian Stakenvicius a...@gentoo.org wrote:
That's not to say that gentoo-sources shouldn't follow the regular
overall stabilization policies, but focusing on the kernel as the
impetus for adjusting the stabilization policy or pointing out what's
wrong with the
21.08.2013 17:38, Wyatt Epp пишет:
Fundamentally, I see this as a problem of tooling.
I think that no tool can cover all cases of checking that software
WORKS. I mean - in generic, for all kinds of software. You can guarantee
if it builds, if it follow some QA rules about
On Wed, Aug 21, 2013 at 10:56 AM, Tom Wijsman tom...@gentoo.org wrote:
That doesn't make it a special case here, imo; especially not, since
we are designing and implementing ebuilds that _build_ the kernel.
Whether it provides the sources, or build it; what does that matter?
Yes and no. I
All,
I'm not really sure what the answer to this problem is, so I want to
know what the group thinks about how we can handle it.
During the last release of OpenRC, I learned that people *do* run
production servers on ~arch. I asked about it and was told that the
reason for this is bitrot in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 20/08/13 02:19 PM, William Hubbs wrote:
All,
I'm not really sure what the answer to this problem is, so I want
to know what the group thinks about how we can handle it.
During the last release of OpenRC, I learned that people *do* run
On Tue, Aug 20, 2013 at 2:19 PM, William Hubbs willi...@gentoo.org wrote:
During the last release of OpenRC, I learned that people *do* run
production servers on ~arch. I asked about it and was told that the
reason for this is bitrot in the stable tree.
This right here seems strange to me.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 20/08/13 02:29 PM, Wyatt Epp wrote:
On Tue, Aug 20, 2013 at 2:19 PM, William Hubbs
willi...@gentoo.org wrote:
During the last release of OpenRC, I learned that people *do*
run production servers on ~arch. I asked about it and was told
that
On Tue, Aug 20, 2013 at 8:29 PM, Wyatt Epp wyatt@gmail.com wrote:
This right here seems strange to me. What things in stable are
undergoing bitrot? What manner of bitrot? On what architectures?
Yeah, something slightly more specific would be useful here.
I run my servers with stable
On Tue, 20 Aug 2013 13:19:10 -0500
William Hubbs willi...@gentoo.org wrote:
All,
I'm not really sure what the answer to this problem is, so I want to
know what the group thinks about how we can handle it.
During the last release of OpenRC, I learned that people *do* run
production
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 20 Aug 2013 14:28:15 -0400
Ian Stakenvicius a...@gentoo.org wrote:
I see a few issues with ~arch - table migrations:
#1 - things just sit in ~arch. The auto-stablereq script should help
with this one I think; we should give it some time
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 20 Aug 2013 14:28:15 -0400
Ian Stakenvicius a...@gentoo.org wrote:
#1 - things just sit in ~arch. The auto-stablereq script should help
with this one I think; we should give it some time to see if it works
out.
As an alternative, how
On Tue, Aug 20, 2013 at 3:24 PM, Tom Wijsman tom...@gentoo.org wrote:
While I don't, and asked it just because of the large amount; it
appears from some things lately, and not just OpenRC, that there is a
certain group that regards ~arch as some kind of new stable.
People have been talking
On Tue, 20 Aug 2013 14:29:09 -0400
Wyatt Epp wyatt@gmail.com wrote:
On Tue, Aug 20, 2013 at 2:19 PM, William Hubbs willi...@gentoo.org
wrote:
What things in stable are undergoing bitrot?
Things that are too old; see 'imlate' from app-portage/gentoolkit-dev,
this can be handy to indicate
On Tue, 20 Aug 2013 20:45:05 +0200
Dirkjan Ochtman d...@gentoo.org wrote:
On Tue, Aug 20, 2013 at 8:29 PM, Wyatt Epp wyatt@gmail.com
wrote:
This right here seems strange to me. What things in stable are
undergoing bitrot? What manner of bitrot? On what architectures?
Yeah,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 20 Aug 2013 20:37:17 +0100
Ciaran McCreesh ciaran.mccre...@googlemail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 20 Aug 2013 14:28:15 -0400
Ian Stakenvicius a...@gentoo.org wrote:
#1 - things just sit in ~arch.
On 20/08/2013 21:24, Tom Wijsman wrote:
On Tue, 20 Aug 2013 13:19:10 -0500
William Hubbs willi...@gentoo.org wrote:
All,
I'm not really sure what the answer to this problem is, so I want to
know what the group thinks about how we can handle it.
During the last release of OpenRC, I
On Tue, 20 Aug 2013 15:41:42 -0400
Rich Freeman ri...@gentoo.org wrote:
Let me dig up an example...
Our last sys-kernel/gentoo-sources stabilization was 3 months ago:
I don't really see a problem with stable package being all of 3 months
old. Contrast that with youtube-dl which pull
On 08/20/2013 02:19 PM, William Hubbs wrote:
My question is, how can we improve our stabilization procedures/policies
so we can convince people not to run production servers on ~arch and
keep the stable tree more up to date?
Just delete /etc/conf.d/net with an ~arch update every once in a
On 08/20/2013 08:19 PM, William Hubbs wrote:
My question is, how can we improve our stabilization procedures/policies
so we can convince people not to run production servers on ~arch and
keep the stable tree more up to date?
Why convince them? They have been warned and it's their own
On Tue, 20 Aug 2013 22:00:52 +0200
Alan McKinnon alan.mckin...@gmail.com wrote:
As a long time user and citizen of -user I can tell you what the
general feeling of arch vs ~arch there is:
Thanks for jumping into the discussion.
arch has plenty old stuff in it
Yes, it keeps me from using it;
Am Dienstag, 20. August 2013, 20:19:10 schrieb William Hubbs:
I'm not really sure what the answer to this problem is, so I want to
know what the group thinks about how we can handle it.
During the last release of OpenRC, I learned that people *do* run
production servers on ~arch. I asked
On Tue, 20 Aug 2013 22:16:34 +0200
hasufell hasuf...@gentoo.org wrote:
On 08/20/2013 08:19 PM, William Hubbs wrote:
My question is, how can we improve our stabilization
procedures/policies so we can convince people not to run production
servers on ~arch and keep the stable tree more up
On Tue, Aug 20, 2013 at 04:12:45PM -0400, Michael Orlitzky wrote
On 08/20/2013 02:19 PM, William Hubbs wrote:
My question is, how can we improve our stabilization
procedures/policies so we can convince people not to run production
servers on ~arch and keep the stable tree more up to date?
On Tue, Aug 20, 2013 at 5:05 PM, Tom Wijsman tom...@gentoo.org wrote:
At least the numbers for the year sound like something we will want to
deal with; from there, we could try to keep half a year low. And after
a while, we might end up ensuring stabilization within 3 months.
That's still
On Tue, Aug 20, 2013 at 5:03 PM, Andreas K. Huettel
dilfri...@gentoo.org wrote:
Stable implies not so often changing. If you really need newer packages on a
system that has to be rock-solid, then keyword what you need and nothing else.
++
30 days is too long? How can something new be stable?
On Tue, Aug 20, 2013 at 7:42 PM, Rich Freeman ri...@gentoo.org wrote:
On Tue, Aug 20, 2013 at 5:03 PM, Andreas K. Huettel
dilfri...@gentoo.org wrote:
Stable implies not so often changing. If you really need newer
packages on a
system that has to be rock-solid, then keyword what you need
On 8/20/13 11:19 AM, William Hubbs wrote:
During the last release of OpenRC, I learned that people *do* run
production servers on ~arch. I asked about it and was told that the
reason for this is bitrot in the stable tree.
People frequently point to lack of manpower as reason for this, but I
On 21 August 2013 04:12, Michael Orlitzky mich...@orlitzky.com wrote:
[snip]
Ok, this one is ridiculous. The stable version of Rails is 2.3.18, and
3.0 was released almost exactly three years ago. Every time rails-3.x
gets bumped, I have to manually update the entire list above. I need
to do
78 matches
Mail list logo
