On Tue, Jan 06, 2004 at 12:39:29AM -0800 or thereabouts, Robert Cole wrote:
> I like it. That's a very good process. I'm talking about ebuilds here. I'll be
> honest and say I don't know how the backend of the portage tree works with
> security and all but maybe another tier would be in order if possible. Like a
> low access new ebuild access that gets queued and not actually put in the
> tree and someone with access could simply flag it to move into the tree or
> reject it sending an email back to the creator of the ebuild why.

You've just described bugs.gentoo.org. Granted, plenty of ebuilds sit in
there and never make it into the tree. This is not the fault of bugzilla,
however. It is more a problem with our process. Ebuilds make it into the
tree when a developer cares about them. If no developer cares about them,
they tend not to make it into the tree. For right or wrong, that's how
things work today.

I could see benefits to having a dedicated person, who was extremely
knowledgeable in the ins/outs of ebuild creation who did nothing else
except scan bugs.gentoo.org for new ebuilds and put them into the tree.
Whether there's a person out there with the right skill set willing to do
such a job is another question entirely. (not saying there isn't, btw)

> > You would be cautious too if there were an estimated quarter of a
> > million systems at stake.
>
> Those systems aren't yours or any other gentoo devs responsibility. I think if
> most gentoo users/admins would really really think about it they know the
> risks they took when they started using gentoo. It's bleeding edge using
> ACCEPT_KEYWORDS or not. I understand, and if every gentoo user would really
> be honest with themselves, that my system could go POOF on the next world
> update. I know mine has a few times in the earlier days of gentoo. That's
> life on the bleeding edge.

I believe Jon was talking more about the security side of the house.
Each developer we give CVS access to is one more developer that can commit
a trojaned ebuild or do something else nasty. Thus, we try to be somewhat
careful about handing the keys to the kingdom over to new folks.

--kurt