Michał Górny wrote:
> I'm seriously wondering why I'm wasting so much effort on open source.

Open source only ever works when taking responsibility for one's problems.

> I don't see a good way out of it.

I see a couple. Of course all require some effort.

One was already mentioned; move Gentoo package management from Python to some compiled language. High effort but maximum independence/reward.

Another option, less effort and less reward, is to investigate how much CPython portage in fact requires, and make that a special package in Gentoo. This essentially means a special-purpose fork of CPython, only for running portage. Obviously portage development must then be comfortable without using the latest shiny Python language stuff that only future RustPython will offer. I guess that's not a problem.

Yet another is a variant on the previous, but even less effort and much less reward; freeze what language stuff is allowed in portage code and always run portage with some chosen existing/later CPython version.

Like libressl and gtk2 this thread also converges on the common point in my argumentation: it's not per se bad, and sometimes supremely wise, to quit chasing the latest version, and rest on a known platform.

Coupled with independent efforts to place security-relevant parts in isolated environments (see sandbox) - ongoing effort regardless of Python - I don't see why portage couldn't depend on a CPython interpreter of its own, some last version that works well and is then copied and renamed. It seems like that would be rather straightforward.

It might also be a good thing to take portage out of the overall Gentoo Python picture? I don't know here - this bit is just a guess.

> arrogant zealots who want to destroy everything in their path

LOL, priceless.

> The first big blocker we're going to hit is trustme [3] package that
> relies on cryptography API pretty heavily to generate TLS certs for
> testing.

For which testing? Could it be changed to generate certs differently? CAs aren't magic. Attached is a basic script of mine.

//Peter
mkca.sh
Description: Bourne shell script
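
The message's point that test certificates can be generated without the Python cryptography API, as an added example: this is not the attached mkca.sh (its contents are not on this page) and not code from any project named in the thread. The function names, file names, curve and 7-day lifetime are assumptions, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: a throwaway CA and one server certificate for a test
# suite, built with the openssl CLI only. All names are constructed.

# make_test_ca DIR HOSTNAME
# Writes ca.key, ca.pem, server.key and server.pem into DIR.
make_test_ca() (
    umask 077                         # private keys readable by owner only
    mkdir -p "$1" && cd "$1" || exit 1
    host=$2
    # The CA certificate must carry CA:TRUE and the leaf must not. The leaf
    # also needs a subjectAltName, since TLS clients match on it, not on CN.
    cat > ext.cnf <<EOF || exit 1
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Self-signed root, short-lived so a leaked test key ages out quickly.
    openssl ecparam -name prime256v1 -genkey -noout -out ca.key &&
    openssl req -new -key ca.key -subj "/CN=Test CA (constructed)" -out ca.csr &&
    openssl x509 -req -in ca.csr -signkey ca.key -days 7 -sha256 \
        -extfile ext.cnf -extensions ca -out ca.pem &&
    # Leaf key and CSR, then a certificate signed by the test CA.
    openssl ecparam -name prime256v1 -genkey -noout -out server.key &&
    openssl req -new -key server.key -subj "/CN=$host" -out server.csr &&
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 7 -sha256 -extfile ext.cnf -extensions leaf -out server.pem
)

# verify_test_chain DIR HOSTNAME
# Succeeds only if server.pem chains to the test CA and matches HOSTNAME.
verify_test_chain() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" >/dev/null 2>&1
}
```

A test harness would pass `ca.pem` to its client as the only trust anchor and delete the directory afterwards, so the CA key never outlives the run.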
