From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FoOB3-0004uX-UJ for garchives@archives.gentoo.org; Thu, 08 Jun 2006 17:20:14 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k58HJ58u012448; Thu, 8 Jun 2006 17:19:05 GMT Received: from mail.cs.mcgill.ca (mail.CS.McGill.CA [132.206.51.234]) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k58HGpkw006225 for ; Thu, 8 Jun 2006 17:16:52 GMT Received: from potus.CS.McGill.CA (tls.CS.McGill.CA [132.206.3.97]) by mail.cs.mcgill.ca (Postfix) with ESMTP id EA50E2FF90 for ; Thu, 8 Jun 2006 13:16:50 -0400 (EDT) Received: from [132.206.2.111] (thor.CS.McGill.CA [132.206.2.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by potus.CS.McGill.CA (Postfix) with ESMTP id A3FBC1B0081 for ; Thu, 8 Jun 2006 13:16:50 -0400 (EDT) Message-ID: <44885B81.3030304@gentoo.org> Date: Thu, 08 Jun 2006 13:16:49 -0400 From: Patrick McLean User-Agent: Thunderbird 1.5.0.4 (X11/20060605) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [ANNOUNCE] Project Sunrise - Gentoo User Overlay References: <1149772819.19443.10.camel@cgianelloni.nuvox.net> <20060608093213.e0ccb189.tcort@gentoo.org> <20060608144145.GA7696@cerberus.oppresses.us> <623652d50606080959s4c78080fm3780db3d5b5cee64@mail.gmail.com> In-Reply-To: <623652d50606080959s4c78080fm3780db3d5b5cee64@mail.gmail.com> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 717d3d90-ee99-4ba7-8d4e-0e1f4503799e X-Archives-Hash: fcfd08d914e85f11bcd05c3d3ef99905 Chris Bainbridge wrote: > On 08/06/06, Jon Portnoy wrote: >> I do very much object to using any gentoo.org infrastructure or >> subdomains to do so. If someone is going to tackle that, it should be >> done outside of Gentoo proper. We don't need to be stuck maintaining and >> supporting a semiofficial overlay. > > There are already loads of semi-official overlays. Besides the stuff > actually hosted by gentoo (random example > http://dev.gentoo.org/~flameeyes/bzr/overlay/) there are official > groups (again, not picking on anyone but exampes would be java, php, > webapps...) with semi-official overlays. I don't know if the overlays > are actually hosted on gentoo hardware, but when they're run by gentoo > devs, publically available, and referred to in forums, bugzilla, > mailing lists etc. then that at least makes them "semi-official". These overlays are completely controlled by Gentoo developers, which is what the overlays.gentoo.org was going to be, simply a single location for all these developer controlled overlays. This project is an overlay (un)controlled by random users, with no quality checks or any standards of any kind. This is fine for non-gentoo hosted stuff (like BMG), but hosting stuff like this on *.gentoo.org, and not having the use go through hoops to use it is probably not a good idea from either a security or QA standpoint. Currently 3rd party ebuilds can live in bugzilla, and the use must create their own overlay, and generate their own digests to use them. Making a user put this extra work into encourages users to be more careful, and hopefully look stuff over before using it. It also reinforces that the package is _unsupported_, hence discouraging them from filing any new bugs. Having a "semi-official" overlay where users can contribute ebuilds will open possible security problems (malicious commits) as well as be a QA/bug triaging nightmare as developers will have to figure out whether the ebuild the user is using came from the "official" overlay or the official tree. -- gentoo-dev@gentoo.org mailing list