From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1G85kV-0004z2-Dw for garchives@archives.gentoo.org; Wed, 02 Aug 2006 01:42:15 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k721fRva026402; Wed, 2 Aug 2006 01:41:27 GMT Received: from alnrmhc11.comcast.net (alnrmhc13.comcast.net [206.18.177.53]) by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k721dVml024751 for ; Wed, 2 Aug 2006 01:39:32 GMT Received: from seldon (c-24-21-135-117.hsd1.or.comcast.net[24.21.135.117]) by comcast.net (alnrmhc13) with SMTP id <20060802013924b1300hsa0je>; Wed, 2 Aug 2006 01:39:28 +0000 Date: Tue, 1 Aug 2006 18:39:22 -0700 From: Brian Harring To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Project Sunrise resumed again (was Resignation) Message-ID: <20060802013922.GA8912@seldon> References: <20060731035316.74ba21ed@snowdrop.home> <1154322337.11516.34.camel@localhost> <200608020224.25861.carlo@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: <200608020224.25861.carlo@gentoo.org> User-Agent: Mutt/1.5.11 X-Archives-Salt: b1af5eaf-9566-4456-ab6e-616895274c7b X-Archives-Hash: edec645e3711ff3f0fac5bea0f4bc6d1 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 02, 2006 at 02:24:17AM +0200, Carsten Lohrke wrote: > On Monday 31 July 2006 07:05, Seemant Kulleen wrote: > > OK, let's start with: what exactly is the problem? > 1) Please reread my replies in the first sunrise thread. Points are: 1) no security,=20 Suggest you read their responses, and look into some of their material=20 (in particular their faq). Two levels. One, holding area (essentially). Second level (what users get), is the reviewed branch. So... if you're arguing people can stick malicious shit into the first=20 level, yes, they could. I could also stick malicious code into bugzilla. If you're dumb=20 enough to run it without checking it, your own fault (both cases). If you're arguing that malicious code gets stuck into reviewed... when=20 I was a dev, I could have very easily done the same thing. Comes down to trust that they know what they're doing for the second=20 level- again, same situation for the gentoo-x86. And... just cause I'm mildly sick of this bullshit, I'll head off=20 the retort of "but people with +w for gentoo-x86 have been passed=20 through the developer process, screening the malicious". Ayone=20 determined can punch through it without issue- *both* gentoo-x86 and=20 sunrise. > 2) issues with eclass changes which will result in bug spam You're not supposed to change the exposed api of eclasses in the tree=20 (something y'all do violate I might add, which is a seperate QA=20 matter). Same issue applies to the 'official' overlays offered by=20 devs also, and to the tree in general. It's a reaching statement, bluntly. Using such an arguement has the=20 side affect of stating that no overlays should ever exist, because=20 they suffer the same potentials. Which obviously is a bit of BS. > 3) the fact that sunrise is a bunch of arbitrary packages, instead close = related ones managed=20 > by one team, that does exactly maintain relevant packages. What the hell do you think the tree is? It's a bunch of arbitrary=20 packages maintained loosely by subgroups of people; you're stating=20 that sunrise is too loose yet gentoo-x86 is fundamentally no=20 different. Sunrise is pretty much the same damn thing. > These issues are=20 > fundamental, pointed out multiple times. You can't believe how ridiculous= =20 > Mike's question in the other thread, if there were any remaining issues,= =20 > sound to me and obviously others. Frankly, your points are assine/fud here. If you're going to bitch=20 about flaws inherent in the work _you_ also do, kindly at least state=20 it's universal rather then pawning it off as a sunrise specific=20 failing. ~harring --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFE0AJJvdBxRoA3VU0RAsZCAKDeHbmN3qc5NEKAQBX+31xbrfa3pwCeKdOM 9CNopTXUr/61l1hKpiw3IDk= =nEEc -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- -- gentoo-dev@gentoo.org mailing list