Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On Friday 17 October 2008, Robert Buchholz wrote: On Monday 13 October 2008, Ciaran McCreesh wrote: It's a retroactive change to EAPI 0 that requires changes from package managers and has security implications... Robert isn't requesting that we specify and mandate existing behaviour here, so it's not really something that should be left up to PMS to decide and enforce. All package manager developers have implemented this change, and PMS editors have not objected to adding it to the spec. If Ciaran is uncomfortable with adding this change, I would like council to sign off on it. If council will not add this to the agenda, please state so and I hope the PMS folks can add it to the spec without a vote. Furthermore, what are the blockers to vote on PMS as a draft standard for EAPI=0 ? Is there a timeframe for its ratification? Has this been discussed in the last council meeting? If not, can you please give a reply for the questions above? Robert signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On Monday 13 October 2008, Ciaran McCreesh wrote: On Mon, 13 Oct 2008 10:42:21 -0700 Donnie Berkholz [EMAIL PROTECTED] wrote: It seems to me that this is an EAPI=0 change. Since EAPI=1 and EAPI=2 are just differences to EAPI=0, they wouldn't be voted on. Since EAPI=0 isn't actually approved yet, council wouldn't vote either. As it's a draft standard, this would be resolved amongst package-manager developers and PMS editors. It's a retroactive change to EAPI 0 that requires changes from package managers and has security implications... Robert isn't requesting that we specify and mandate existing behaviour here, so it's not really something that should be left up to PMS to decide and enforce. All package manager developers have implemented this change, and PMS editors have not objected to adding it to the spec. If Ciaran is uncomfortable with adding this change, I would like council to sign off on it. If council will not add this to the agenda, please state so and I hope the PMS folks can add it to the spec without a vote. Furthermore, what are the blockers to vote on PMS as a draft standard for EAPI=0 ? Is there a timeframe for its ratification? Robert signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On 21:03 Thu 09 Oct , Robert Buchholz wrote: I would like: * everyone to comment on the change and propose changes to the wording * council to vote on this change to EAPI-0, -1 and -2. It seems to me that this is an EAPI=0 change. Since EAPI=1 and EAPI=2 are just differences to EAPI=0, they wouldn't be voted on. Since EAPI=0 isn't actually approved yet, council wouldn't vote either. As it's a draft standard, this would be resolved amongst package-manager developers and PMS editors. -- Thanks, Donnie Donnie Berkholz Developer, Gentoo Linux Blog: http://dberkholz.wordpress.com pgpXNU4KZgRYa.pgp Description: PGP signature
Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On Monday, 13. October 2008 19:42:21 Donnie Berkholz wrote: Since EAPI=0 isn't actually approved yet, council wouldn't vote either. As it's a draft standard, this would be resolved amongst package-manager developers and PMS editors. So, EAPI-2 had to be approved before it could be used in the tree. EAPI-0 isn't actually approved yet, though, so it must not be used in the tree, right? ;-) And since EAPI-1 builds upon EAPI-0, that's not acceptable in the tree either. (And, btw, the former council decided there wouldn't be any new EAPIs before EAPI-0 wasn't approved.) While I agree with your intention of letting people decide upon the stuff they have to work with mostly on their own and with each other, I think your argument, Donnie, is rather interesting. :-) Best regards, Wulf signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On Mon, 13 Oct 2008 10:42:21 -0700 Donnie Berkholz [EMAIL PROTECTED] wrote: It seems to me that this is an EAPI=0 change. Since EAPI=1 and EAPI=2 are just differences to EAPI=0, they wouldn't be voted on. Since EAPI=0 isn't actually approved yet, council wouldn't vote either. As it's a draft standard, this would be resolved amongst package-manager developers and PMS editors. It's a retroactive change to EAPI 0 that requires changes from package managers and has security implications... Robert isn't requesting that we specify and mandate existing behaviour here, so it's not really something that should be left up to PMS to decide and enforce. I mean, if the Council's comfortable with PMS being used to force package manager changes for things that aren't obviously bugs, we could do it without asking, but that looks a lot like a slippery slope... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] EAPI change: Call ebuild functions from trusted working directory
On 20:20 Mon 13 Oct , Wulf C. Krueger wrote: On Monday, 13. October 2008 19:42:21 Donnie Berkholz wrote: Since EAPI=0 isn't actually approved yet, council wouldn't vote either. As it's a draft standard, this would be resolved amongst package-manager developers and PMS editors. So, EAPI-2 had to be approved before it could be used in the tree. EAPI-0 isn't actually approved yet, though, so it must not be used in the tree, right? ;-) EAPI=0 was grandfathered in, it's unlike any new set of features. And since EAPI-1 builds upon EAPI-0, that's not acceptable in the tree either. (And, btw, the former council decided there wouldn't be any new EAPIs before EAPI-0 wasn't approved.) I think that was done under the assumption that EAPI=0 would actually be finished sometime soon. It's now been 8 months since that discussion. I disagree with halting forward progress on something directly relevant to all ebuild developers (important future ebuild features) to specify existing behavior. I think specifications are useful but are not a blocker. -- Thanks, Donnie Donnie Berkholz Developer, Gentoo Linux Blog: http://dberkholz.wordpress.com pgp9nkEXXJhrr.pgp Description: PGP signature