Subject: Re: [gentoo-dev] Re: [ANNOUNCE] Project Sunrise - Gentoo User Overlay
From: Chris Gianelloni
To: gentoo-dev@lists.gentoo.org
Date: Fri, 09 Jun 2006 13:13:45 -0400
In-Reply-To: <200606091328.40216.carlo@gentoo.org>
Message-Id: <1149873226.22473.42.camel@cgianelloni.nuvox.net>

On Fri, 2006-06-09 at 13:28 +0200, Carsten Lohrke wrote:
> > we do support it security wise, we will be reacting upon security issues.
> > We do have package.mask support in the overlay and we are going to use it.
> > The ebuilds have a quality, repoman is required to be run. Also
> > contributors should be knowing what they are doing - they are submitting an
> > ebuild to the sunrise overlay, it needs to follow certain standards.
>
> See, I don't go over this bridge, that an overlay of arbitrary packages, with
> varying skills and knowledge needed, can be decently controlled with very few
> people caring and not having a security team backing you up.

I couldn't agree more. With the entire security team, plus arch teams, plus package maintainers, plus arch testers, it is *still* a complex job to maintain security in the tree. However, this group thinks that without any backup support whatsoever, that they'll be able to maintain the security of a project with countless contributors of varying degrees of skill and proficiency in writing ebuilds, as well as the security of the packages themselves.

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux