From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1G8hUR-00086r-Im for garchives@archives.gentoo.org; Thu, 03 Aug 2006 18:00:12 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k73HvhLo027107; Thu, 3 Aug 2006 17:57:43 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k73HrUFS029044 for ; Thu, 3 Aug 2006 17:53:30 GMT Received: from [10.0.0.13] (dslb-084-063-006-033.pools.arcor-ip.net [84.63.6.33]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 29E686471F for ; Thu, 3 Aug 2006 17:53:28 +0000 (UTC) Subject: Re: [gentoo-dev] Project Sunrise resumed again (was Resignation) From: Patrick Lauer To: gentoo-dev@lists.gentoo.org In-Reply-To: <200608031822.13181.carlo@gentoo.org> References: <200608022005.16242.carlo@gentoo.org> <20060803025651.GA13458@seldon> <200608031822.13181.carlo@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-sXtxugxZwFSfnGwToQ4C" Organization: Gentoo Date: Thu, 03 Aug 2006 19:53:14 +0200 Message-Id: <1154627595.24984.56.camel@localhost> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.6.2 X-Archives-Salt: 8f59d8df-40ff-4e61-9e64-9ef316d0a7f1 X-Archives-Hash: 7a1ae10034678c8a43cc1ed4cabb7db3 --=-sXtxugxZwFSfnGwToQ4C Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2006-08-03 at 18:21 +0200, Carsten Lohrke wrote: > The difference is that I argue, while you accuse me to play false. I cons= ider=20 > this as ad hominem and together with all this "FUD" and "BS" calling, in=20 > contrary to my email, inflammatory. ... and that is inflammatory :-) > > > I'd appreciate, if you would try to have a controversial > > > discussion, without starting to loose your manners. > > > > And I'd appreciate a less condescending tone. >=20 > This wasn't meant condescending, but a true request. Because it's not the= =20 > first time you react this way, when you dislike another ones opinion. It = is=20 > as annoying as Ciaran's habit to make statements without backing them up = -=20 > even when asked to do so. I think it's a language barrier - as you (and I) are not native english spe= akers we tend to put a different emphasis on words. What may look perfectly polite to you could be a big insult to a french or japanese speaker ... That being said, I'd interpret what you've written as mildly condescending too. > > 3) Assumption that sunrise will just be a dumping ground, without any > > form of maintainance is implicit here- if it becomes as such, already > > was stated it would get wedgied by the council. So that leaves the > > angle of "they don't have a security team", which implies to actually > > handle nuking vulnerable ebuilds, one has to have a security team > > (obviously false). >=20 > Dumping ground or not. It's easy to miss vulnerability notices. Especiall= y, if=20 > you don't have guys who expclicitly care for it. And you need a security = team=20 > to announce issue to the user base. I wouldn't use Gentoo, if we not had = such=20 > a hard and good working security team. >=20 I wonder if all inofficial overlays and bugs are always updated? Sunrise is still young, but the way they've handled bugreports makes me quite confident that they'll be able to handle security issues when they have reached a stable and sustainable size.=20 > > Besides... frankly it's kind of BS to push the vuln angle onto sunrise > > when gentoo can't even clean out years old vulnerable packages from > > gentoo-x86 (that doesn't absolve sunrise from having to watch it, nor > > a potshot at the understaffed security team, merely that double > > standards suck). >=20 > Interesting to see you state this. Because this is a far more serious pro= blem,=20 > than supporting "everything" possible; And Sunrise won't fix this either = - if=20 > not the opposite. One of the goals of Sunrise is to recruit new devs. But= we=20 > don't need new devs to add new packages primarily, we more to maintain=20 > existing and not so fancy stuff and to clean out the tree. >=20 How do you train devs? Also, who is only working on the things he did when he initially became dev? [snip] > Your list is rubbish. There're stable versions for all security wise supp= orted=20 > architectures and the relevant GLSA's. If users don't use them, it's thei= r=20 > local problem. If users use sunrise it's their local problem, too.=20 >=20 > > > > And... just cause I'm mildly sick of this bullshit, > > > > > > And I'm sick of people, who miss the point. > > > > As stated above, be concise then. Your points came out of pretty > > much nowhere, poorly communicated, and rather vague in actually > > backing them up. Which... at least from the "backing up the > > complaints", has been the theme for the screaming folk thus far. >=20 > Do I have to learn you to read? See above. ^^ that is really condescending.=20 > > So someone goes and breaks something in gentoo-x86 that breaks > > something for sunrise. Fine, it's sunrises' mess to clean up; they've > > volunteered to do this work, I don't see how you can claim it as a > > negative when they've accepted it as part of _their_ work. >=20 > The problems will pile up in bugs.g.o and "usally" with the wrong address= ee.=20 > This has been every now and then the case with other overlays as well as=20 > users of distros building on Gentoo. I can live with that to a degree. Bu= t=20 > when we do this mess ourselves, it get's highly annoying. Hmmm? The problem with most other overlays is that they also may have updated or patched versions of in-tree applications. Most problems that you claim should not happen in sunrise. > > Granted, they may give you the finger and quit, or your remaining > > fellow devs may rightfully boot you for playing games, but the point > > stands- they stepped up to do the work, including cleaning up > > anything y'all may break for them. >=20 > You're doing it again. No I'm not playig games with you. I have reasonabl= e=20 > complaints and consider this sort of overlay a failure. Then an extra=20 > development tree would be much better. I still fail to see what your issues with it are. All the points you stated are either invalid or not an issue from my p.o.v. >=20 > > You're not limited- they're the ones limited via trying to not step on > > gentoo-x86's toes. How is that a negative then? >=20 > I fear for the security of our user base, especially the lazy, uneducated= =20 > ricers and how this wll reflect on Gentoo's reputation as a whole.=20 What is Gentoo's reputation? I mean ... people have said this a few times, but has anyone just asked a random subset of linux users how they see Gentoo? I guess having a reputation of being bleeding edge, having fast-paced development (with many transient bugs because of the rapid pace of change) and being really easy to use conflicts really hard with Sunrise, right? > I fear=20 > more annoying, invalid bug reports. I don't see any benefit for the exist= ing=20 > tree or Gentoo as a whole. So ignore it. You don't have to use it, but you're trying to limit other devs and users (who may become devs) in their freedom to work on any aspect of gentoo they like.=20 Ebuilds rotting for years in bugzilla (and bugzilla can be quite confusing to use) can not be better than a maintained overlay where people even review ebuilds for mistakes. I wonder why you're implicitly advocating the worse policy, that (from my point of view) is silly and more damaging to Gentoo, if anything is getting damaged at all. I don't see any benefits in not supporting (or just passively ignoring) sunrise. If it fails you can still pull the plug, but until now it has been quite successful in finding motivated users and putting them to use. Granted, communication has been difficult,but the reactions from some devs look really bizzare and extreme to me. (Just food for thought - you shut down sunrise. I pick up the pieces, host it on my hardware and do what I want. You can't stop me, you can't influence my policies, you haven't gained a thing. Users still use The Overlay Formerly Known as Sunrise and complain that Gentoo sucks (because that overlay has wrecked their machine, I'm a mean bastard after all!=20 That's why you should keep Sunrise running and controllable by Gentoo people.) Have fun, Patrick --=20 Stand still, and let the rest of the universe move --=-sXtxugxZwFSfnGwToQ4C Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5-ecc0.1.6 (GNU/Linux) iD4DBQBE0jgKqER3hOUoZM4RAjxfAJjCRwnSd1Ll7Js3+M/f87Nv7b4EAJ9miXlg gkqtWHygKrETj9LyKRTwSQ== =R9nB -----END PGP SIGNATURE----- --=-sXtxugxZwFSfnGwToQ4C-- -- gentoo-dev@gentoo.org mailing list