From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29034 invoked from network); 6 Jan 2004 12:48:58 +0000 Received: from smtp.gentoo.org (128.193.0.39) by eagle.gentoo.oregonstate.edu with DES-CBC3-SHA encrypted SMTP; 6 Jan 2004 12:48:58 +0000 Received: from lists.gentoo.org ([128.193.0.34] helo=eagle.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.24) id 1Adqdl-0000LQ-Li for arch-gentoo-dev@lists.gentoo.org; Tue, 06 Jan 2004 12:48:57 +0000 Received: (qmail 27544 invoked by uid 50004); 6 Jan 2004 12:44:34 +0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 8389 invoked from network); 6 Jan 2004 12:44:34 +0000 From: Paul de Vrieze To: gentoo-dev@lists.gentoo.org Date: Tue, 6 Jan 2004 13:44:32 +0100 User-Agent: KMail/1.5.4 References: <200401052305.45317.robert.cole@support4linux.com> <20040106075525.GB19117@cerberus.oppresses.us> <200401060039.29348.robert.cole@support4linux.com> In-Reply-To: <200401060039.29348.robert.cole@support4linux.com> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: clearsigned data Content-Disposition: inline Message-Id: <200401061344.32251.pauldv@gentoo.org> Subject: Re: [gentoo-dev] creating ebuilds X-Archives-Salt: 75a9b196-092b-429a-842d-1c0619ee9a27 X-Archives-Hash: 0b83e0c741e987c8fc7a2ac3d8030fbc =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 06 January 2004 09:39, Robert Cole wrote: > > Those systems aren't yours or any other gentoo devs responsibility. I > think if most gentoo users/admins would really really think about it > they know the risks they took when they started using gentoo. It's > bleeding edge using ACCEPT_KEYWORDS or not. I understand, and if every > gentoo user would really be honest with themselves, that my system > could go POOF on the next world update. I know mine has a few times in > the earlier days of gentoo. That's life on the bleeding edge. I would need to disagree with this. The gentoo project is responsible for=20 doing everything reasonable to maintain the integrity of the tree. Say=20 in a case where everyone would just be able to add an ebuild to the tree=20 given that it compiled, and the tree would get say a trojaned glibc=20 turning all gentoo system into spam zombies. Then imagine I was the=20 manager of a company that as a result had extra costs of say $100000. In=20 that case I would certainly try to sue gentoo technologies inc. I feel=20 that I actually should be awarded damages. While the GPL does have a waranty disclaim, there is no way that this can=20 actually be enforced in the case of gross negligence (with most laws, at=20 least the European ones). Allowing the gentoo tree to be a free-for-all=20 would equal gross negligence for me. This is certainly not a matter of broken ebuilds or instability it is=20 against protection of malice (i.e. criminal behaviour). Besides that=20 there must be quality mechanisms in place, but we must protect agains=20 criminal behaviour first. Paul =2D --=20 Paul de Vrieze Gentoo Developer Mail: pauldv@gentoo.org Homepage: http://www.devrieze.net =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQE/+q2wbKx5DBjWFdsRAhOjAKDlYVE2qrHSyTrhZ0KNPkOZlD9XfgCg4gCA A3UYhU4RfyLy+CjVmHINhyE=3D =3DyQlP =2D----END PGP SIGNATURE----- -- gentoo-dev@gentoo.org mailing list