On Tue January 06 2004 8:04 am, Chris Gianelloni wrote: > Someone who is NOT a developer, and therefore not held liable. If I add > a package to the portage tree, I HAVE to maintina it. That is the > current Gentoo policy, and I think a VERY good policy for keeping > poor-quality ebuilds out of the tree.
I personally believe this type of management has it's days numbered as gentoo grows. > > It sounds like you need a better buffer between new devs and cvs. Like a > > said something queue like that the cvs dev can just click to approve and > > it all happens automagically. > > The truth is, I would like to see FEWER packages added, as it seems the > quality of some packages is deteriorating, while others are getting MUCH > better. Gentoo is working to provide excellent quality control. We do > not wish to EVER force the user community to do our QC for us, which is > why most of your ideas simply won't work. Pushing the testing phase > onto the users is a horrible idea, as it makes it EXTREMELY easy for a > user to end up with a very broken system. We try to provide only > working packages and not things which are of poor quality, as it > reflects on us, as developers. Are we talking about the same distro here? This is gentoo I'm talking about. We all do qc in some form or another whether we report the issue or not is a different story. Gentoo is an advanced distro. It's always been easy to end up with a broken system. Are you trying to make gentoo into another lindows or something? I will say that qc from the devs has evolved to limit the broken systems that use to happen more but we would have never gotten to this point without breaking a system or 100 now and again. I not saying we should continue breaking systems I'm just saying it's not unexpected to get a broken package or two now and again even from experienced and trusted devs. Mistakes can happen and anyone who uses gentoo should not have a problem with that. > Well, cvs does allow a for more fine-grained controls over the tree, > however Gentoo has decided to not use these and rather to rely on trust > to keep things in order. This way a developer is not prohibited from > contributing in an area for which he is not an "official" part. For > example, if we were to implement strong access controls, I would be > allowed to access the games-* parts of the tree. However, I also > maintain a few packages under net-misc. If I were to add a new package, > I would have to request access for that area, which is a serious > bottleneck when you're looking at hundreds of developers each needing > access to different areas. That's exactly the way it works. Now from an administration standpoint you should limit the number of exceptions that happen. I mean you having access to games and misc is ok that way but if you were to maintain packages across a dozen area then you should just have complete access. > The way Gentoo looks at it is simply that if we can't trust you with the > whole tree, why should we trust you with any of it? It's not so much a matter of trust as it is a good security practice. I have root access to my linux systems but does that mean I just run as root all the time? If I take your example here I should and everyone should just run as the root user on a linux/unix system. Why don't we? Because it's a security risk and poor security practice. Same with doing an all or nothing cvs access it's just lazy and there is no other way to put it except just plain lazy security practices. Robert -- [EMAIL PROTECTED] mailing list
