From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FofIZ-00036C-U0 for garchives@archives.gentoo.org; Fri, 09 Jun 2006 11:37:08 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k59BYTaU030701; Fri, 9 Jun 2006 11:34:29 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k59BShB5008485 for ; Fri, 9 Jun 2006 11:28:44 GMT Received: from iglu.bnet.local (c190020.adsl.hansenet.de [213.39.190.20]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 49AD265561 for ; Fri, 9 Jun 2006 11:28:43 +0000 (UTC) From: Carsten Lohrke To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Re: [ANNOUNCE] Project Sunrise - Gentoo User Overlay Date: Fri, 9 Jun 2006 13:28:39 +0200 User-Agent: KMail/1.9.3 References: In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1349322.9SassOfGDT"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200606091328.40216.carlo@gentoo.org> X-Archives-Salt: 3161029e-86b4-4d3c-8030-6cc59751c1ea X-Archives-Hash: b39d297e8315516b3c5281035afb09bd --nextPart1349322.9SassOfGDT Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 09 June 2006 02:53, Stefan Schweizer wrote: > > It also doesn't answer the questions of security and maintenance. Are > > genstef and jokey going to be responsible for the security of every > > single package in the overlay? > > Yes, we will be acting upon all issues that we hear about. =2E.. > > that is neither supported security wise, nor is > > ensured that the ebuilds have a minimal quality (do not fubar a users > > system). > > we do support it security wise, we will be reacting upon security issues. > We do have package.mask support in the overlay and we are going to use it. > The ebuilds have a quality, repoman is required to be run. Also > contributors should be knowing what they are doing - they are submitting = an > ebuild to the sunrise overlay, it needs to follow certain standards. See, I don't go over this bridge, that an overlay of arbitrary packages, wi= th=20 varying skills and knowledge needed, can be decently controlled with very f= ew=20 people caring and not having a security team backing you up. Carsten --nextPart1349322.9SassOfGDT Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3-ecc0.1.6 (GNU/Linux) iD8DBQBEiVtoVwbzmvGLSW8RAgwIAKCOl7NCQv69//ekenmasY2mls7iAACfQM6v qsxQze1PD4Ii8nJM/Km1fZs= =VgzX -----END PGP SIGNATURE----- --nextPart1349322.9SassOfGDT-- -- gentoo-dev@gentoo.org mailing list