Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 02:57, Paweł Madej wrote: I'm not a dev but I suppose i got resolution for that problem. Lets make another subproject (don't know how to name it properly) in bugzilla you mean like the Gentoo Security bugzilla product ? -mike pgp1nEpXBCUUN.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Paweł Madej wrote: I'm not a dev but I suppose i got resolution for that problem. Lets make another subproject (don't know how to name it properly) in bugzilla in which there will be only bugs affected by security flaw. That bugs will have highest priority from every other ones. And devs would have to look at them firstly What's wrong with simply setting high priority or severity on a bug like you can currently do? -- David Shakaryan GnuPG Public Key: 0x4B8FE14B signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Dnia wtorek, 31 października 2006 09:02, Mike Frysinger napisał: On Tuesday 31 October 2006 02:57, Paweł Madej wrote: I'm not a dev but I suppose i got resolution for that problem. Lets make another subproject (don't know how to name it properly) in bugzilla you mean like the Gentoo Security bugzilla product ? -mike Yes that could be that - As I checked there are lack of unneeded noise bugs. So devs could concentrate on important ones. -- Paweł Madej (Nysander) pgpLd243WkYFZ.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Dnia wtorek, 31 października 2006 09:06, David Shakaryan napisał: Paweł Madej wrote: I'm not a dev but I suppose i got resolution for that problem. Lets make another subproject (don't know how to name it properly) in bugzilla in which there will be only bugs affected by security flaw. That bugs will have highest priority from every other ones. And devs would have to look at them firstly What's wrong with simply setting high priority or severity on a bug like you can currently do? From user point of view while I report new bug I can set piority and severity to what I want, everybody could. Then bug-wranglers have to point that bug to suitable herd/dev so he is informed about a bug. But such bugs as I was said before are hundreds. Bugs in Gentoo Security as Mike proposed are lot less, so devs could concentrate on them and next go to common bugs category. I don't know if it is possible to make it so, but I hope I helped a little. Greets Paweł Madej (Nysander) pgplGyHcV6AGT.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 03:38, Paweł Madej wrote: Dnia wtorek, 31 października 2006 09:02, Mike Frysinger napisał: On Tuesday 31 October 2006 02:57, Paweł Madej wrote: I'm not a dev but I suppose i got resolution for that problem. Lets make another subproject (don't know how to name it properly) in bugzilla you mean like the Gentoo Security bugzilla product ? Yes that could be that - As I checked there are lack of unneeded noise bugs. So devs could concentrate on important ones. sorry, i dont get it we already have the products available for people to sort arch bugs between stabilize random pkg for fun and stabilize random pkg for security ... in fact, the bug e-mails that go out even have headers in them so people can filter into different folders -mike pgpsxi43xmLSK.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Dnia wtorek, 31 października 2006 09:52, Mike Frysinger napisał:
On Tuesday 31 October 2006 03:38, Paweł Madej wrote:
Dnia wtorek, 31 października 2006 09:02, Mike Frysinger napisał:
On Tuesday 31 October 2006 02:57, Paweł Madej wrote:
I'm not a dev but I suppose i got resolution for that problem. Lets
make another subproject (don't know how to name it properly) in
bugzilla
you mean like the Gentoo Security bugzilla product ?
Yes that could be that - As I checked there are lack of unneeded noise
bugs. So devs could concentrate on important ones.
sorry, i dont get it
we already have the products available for people to sort arch bugs
between stabilize random pkg for fun and stabilize random pkg for
security ... in fact, the bug e-mails that go out even have headers in
them so people can filter into different folders
-mike
If there are no such information in emails to which bugzilla product bugreport
is attached, maybe the solution is to write in bug summary [SECURITY] {SEC]
or whatever would point that this bug is important?
pgpXZxORbeqAu.pgp
Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 04:08, Paweł Madej wrote: Dnia wtorek, 31 października 2006 09:52, Mike Frysinger napisał: we already have the products available for people to sort arch bugs between stabilize random pkg for fun and stabilize random pkg for security ... in fact, the bug e-mails that go out even have headers in them so people can filter into different folders If there are no such information in emails to which bugzilla product bugreport is attached, i just said *that exact information is already in the e-mail* X-Bugzilla-Product: Gentoo Security X-Bugzilla-Severity: enhancement X-Bugzilla-Keywords: X-Bugzilla-Reason: AssignedTo X-Bugzilla-Component: Vulnerabilities -mike pgpXTmMICM7at.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Dnia wtorek, 31 października 2006 10:17, Mike Frysinger napisał: On Tuesday 31 October 2006 04:08, Paweł Madej wrote: Dnia wtorek, 31 października 2006 09:52, Mike Frysinger napisał: we already have the products available for people to sort arch bugs between stabilize random pkg for fun and stabilize random pkg for security ... in fact, the bug e-mails that go out even have headers in them so people can filter into different folders If there are no such information in emails to which bugzilla product bugreport is attached, i just said *that exact information is already in the e-mail* X-Bugzilla-Product: Gentoo Security X-Bugzilla-Severity: enhancement X-Bugzilla-Keywords: X-Bugzilla-Reason: AssignedTo X-Bugzilla-Component: Vulnerabilities -mike I've misunderstood your email. If there are such info I don't have any more solution. The rest lies in Dev's mind and behaviour when they got such email. pgpdAYhHDeRFQ.pgp Description: PGP signature
Re: [gentoo-dev] Gentoo/FreeBSD available for Sparc64
On Tuesday 31 October 2006 04:41, Roy Marples wrote: All modules have to be built into the kernel - kldload causes kernel panics about memory not aligned. I'm pretty sure this is gcc-4 related most likely ... a lot of misalignment issues were found in the linux kernel after moving to gcc-4 (in fact, there are still misalignment crap in parts) so this is almost certainly bugs in the FreeBSD code rather than bad code generation on the part of gcc-4 =gcc-3.4 was much safer when it came to default alignment so no one noticed -mike pgpoiYeulxi7i.pgp Description: PGP signature
[gentoo-dev] Gentoo group on Flickr - repost from pl.g.o
Reposted from http://planet.gentoo.org for the devs who live in caves^H^H^Hdon't read planet.gentoo.org. Best regards, Stu -- http://www.flickr.com/groups/gentoo/ Whilst sat here this morning waiting for the NX packages to build, it occured to me that we don't have our own group on Flickr. Bit odd really, when you think of how many of us enjoy photography as a hobby. Well, we do now :) So, if you're a Gentoo dev, come join the group, and share your photos with the rest of us :) Let's see if, between us, we can build a rich and varied view of the world that we live, work, and play in. Just one request ... please, no screenies. Let's keep this to photography. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Gentoo group on Flickr - repost from pl.g.o
Stuart Herbert wrote: http://www.flickr.com/groups/gentoo/ My stuff is on lu-zero.deviantart.com, I don't use flikr ^^; lu -- Luca Barbato Gentoo/linux Gentoo/PPC http://dev.gentoo.org/~lu_zero -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Ciaran McCreesh wrote: On Mon, 30 Oct 2006 22:33:26 +0100 Jakub Moc [EMAIL PROTECTED] wrote: | Ciaran McCreesh napsal(a): | | What on earth are you talking about here? And why almost 6 months | | is not enough for someone to respond on a bug with a simple | | we'll only support newer versions and don't care about MySQL | | 4.0.x any more, go drop it? | | Priorities. The arch teams could be too busy dealing with other bugs | that matter more or too busy dealing with noise bugs. | | Sorry, taking 1 minute to respond on a bug after being poked for a | couple of months is not a matter of priorities, but mere politeness | and common sense. Seriously, you can't work productively with other | people if they can't be bothered to write one sentence for months. There are an awful lot of bugs requiring an awful lot of attention... That does bring up an interesting question though -- at what point do you just ignore the arch and move on so that development can continue? I suppose if you had a nasty security verbump you needed to release, you could keyword it yourself, but for everything else, what's the best way to handle those if you are perpetually ignored? Steve -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 16:36:13 +0100 Stuart Herbert [EMAIL PROTECTED] wrote: Would it be possible to have some arch team leaders join in this debate? Atm, it just seems to be bouncing back and forwards between package maintainers asking questions, and a Gentoo user filling the void left by the responses from the arch team folks. Having a system that actually works is usually reckoned to be more important than patching minor security holes on architectures that aren't security-supported anyway. On systems that are almost never used in production or in externally visible roles, security bugs are much akin to simple enhancements to a package that already works, and fixing packages that don't work takes precedence. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 16:02, Stuart Herbert wrote: 3) ?? Profit -- Roy Marples [EMAIL PROTECTED] Gentoo Developer (baselayout, networking) -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 14:46, Steve Dibb wrote: That does bring up an interesting question though -- at what point do you just ignore the arch and move on so that development can continue? I just ignore the arches these days. After all, they ignore me. dhcp clients where modified to be independant of baselayout and arches had stable bugs for these. baselayout-1.12 then went stable even though the required dhcp clients for the more obscure arches did not. As of right now, baselayout-1.12 is stable on arm, but udhcpc will not work on it unless they use unstable udhcpc. Another example - kbd-1.12-r8 has a patch to fix loading unimaps, which a user submitted patch for console font needs. I've just filed a stable request for it even though r7 has got an outstanding stable bug for almost 2 months. How long should I wait before I wang a fixed consoelfont script into baselayout that relies on this? With all the of the above considered, imagine the irony of me filing a stable bug for kbd-1.12-r8 and someone stabling it on sparc :P -- Roy Marples [EMAIL PROTECTED] Gentoo Developer (baselayout, networking) -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Stuart Herbert wrote: On 10/31/06, Ciaran McCreesh [EMAIL PROTECTED] wrote: Uh, security bugs are not the highest priority. Would it be possible to have some arch team leaders join in this debate? Atm, it just seems to be bouncing back and forwards between package maintainers asking questions, and a Gentoo user filling the void left by the responses from the arch team folks. You do realize that Ciaran *was* a member of several arch teams, right? I would agree with pretty much everything he has said on this topic. Perhaps you should consider that the reason that not many arch team folks have chipped in is because we agree with him. Don't dismiss his responses as noise from some random Gentoo user who has no idea what they are talking about. You should know better then that Stuart. (Or, to put it another way, I'm not sure anyone's actually learning anything here, except for Ciaran's personal opinions on how he'd like things to be). Or, to put it this way, I'm not sure anyone is actually getting the point, simply because they would rather stick their heads in the sand instead of actually listening to something Ciaran has to say. -Steve -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On 10/31/06, Ciaran McCreesh [EMAIL PROTECTED] wrote: Uh, security bugs are not the highest priority. Would it be possible to have some arch team leaders join in this debate? Atm, it just seems to be bouncing back and forwards between package maintainers asking questions, and a Gentoo user filling the void left by the responses from the arch team folks. (Or, to put it another way, I'm not sure anyone's actually learning anything here, except for Ciaran's personal opinions on how he'd like things to be). Many thanks, Stu -- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 12:30:24 -0500 Alec Warner [EMAIL PROTECTED] wrote: | I'm just trying to make my life as an ebuild maintainer easier. This | means some individuals may file bugs against an old crusty version of | a package that I maintain because $arch hasn't keyworded a newer | version yet. Then I have to tell the user that they are using a | crusty old version and to use a newer one. Double bonus if they are | actually using said $arch and need to keyword the newer version | themselves. Well, if that happens, it increases the priority of keywording the new version. Because once users start to care, things are more important. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 17:02:46 +0100 Stuart Herbert [EMAIL PROTECTED] wrote: 1) Leave the older versions in the tree, even though they are insecure and possibly/probably no longer supported by package maintainers. This keeps minority arches happy at the expense of the larger group of package maintainers. How exactly does this affect package maintainers, apart from the cosmetic problems of having an old ebuild lying around? As far as I can see, it doesn't affect the maintenance burden, since if the arch still using the old version needs a fix present in the newer versions they can just keyword one of those, and if the fix isn't present it doesn't much matter which ebuild(s) get it applied. The original request not to remove an arch's latest stable ebuild seems reasonable enough to me -- we're not asking package maintainers to support or update things that they wouldn't otherwise, merely not to be so hasty about removing them from the tree since they might still be of use to someone. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Stephen Bennett napsal(a): On Tue, 31 Oct 2006 18:18:26 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Sure I did... Could you tell me why should we accumulate broken and vulnerable junk in the tree for years? (Outdated ebuild A depends on junky outdated ebuild B which depends on crappy, unsupported ebuilds C, D and E which... ) To avoid breaking the dep tree for users. Quite simple really. Ah. That's apparently much more important than not breaking users by providing them w/ non-vulnerable, decently uptodate stuff that's not ridden by tons of bugs. Yup. :P -- Best regards, Jakub Moc mailto:[EMAIL PROTECTED] GPG signature: http://subkeys.pgp.net:11371/pks/lookup?op=getsearch=0xCEBA3D9E Primary key fingerprint: D2D7 933C 9BA1 C95B 2C95 B30F 8717 D5FD CEBA 3D9E ... still no signature ;) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 17:02:46 +0100 Stuart Herbert [EMAIL PROTECTED] wrote: | 2) Or, remove the older versions from the tree after a suitable | waiting period (say, 3 months for arguments sake). This will keep | package maintainers happy, and our users (less cruft in the tree to | rsync and metadata-cache), but causes real trouble for minority | arches. Users are generally not happy when they see big flashy !!! error messages when trying to update their systems... -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 31 Oct 2006, Stuart Herbert wrote: On 10/31/06, Ciaran McCreesh [EMAIL PROTECTED] wrote: Uh, security bugs are not the highest priority. Would it be possible to have some arch team leaders join in this debate? Atm, it just seems to be bouncing back and forwards between package maintainers asking questions, and a Gentoo user filling the void left by the responses from the arch team folks. Well, lets use an example. If SPARC had a breakage in the system profile and a security bug in say, phpmyadmin, the system profile breakage is going to take priority as it impacts every SPARC user's ability to use and/or install Gentoo on Linux/SPARC. However, phpmyadmin impacts a much smaller segment of the Gentoo Linux/SPARC user base, so its not as much of a problem. Obviously some of this is going to be relative. If the security issue was a remote unauthorized DoS, buffer overflow resulting in a root shell particularly in the system profile packages, then it would probably take priority over the latest request to stabilize or add testing keywords to random package maintainer's package. That being said, Gentoo Linux/SPARC normally does try to handle Security issues before others if the others aren't critical. Cheers, - -- Jason Wever Gentoo/Sparc Team Co-Lead -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFR3IBdKvgdVioq28RArMdAJ49AsBl3DjtA5n22atL7FpY0jYwVACeLeV7 PPBLoaGVvBRWQRh3Qnn1VLs= =BAvM -END PGP SIGNATURE- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On 10/31/06, Stephen Bennett [EMAIL PROTECTED] wrote: Having a system that actually works is usually reckoned to be more important than patching minor security holes on architectures that aren't security-supported anyway. On systems that are almost never used in production or in externally visible roles, security bugs are much akin to simple enhancements to a package that already works, and fixing packages that don't work takes precedence. Thanks for that. It's much appreciated. This leaves package maintainers in the situation that there are 'old'/'insecure'/insert preferred adjective here versions of packages that are hanging around only because arches have fallen behind. Package maintainers want to be able to remove these old versions, but currently cannot because of keywording-lag. At the moment, it looks like there are a few choices: 1) Leave the older versions in the tree, even though they are insecure and possibly/probably no longer supported by package maintainers. This keeps minority arches happy at the expense of the larger group of package maintainers. 2) Or, remove the older versions from the tree after a suitable waiting period (say, 3 months for arguments sake). This will keep package maintainers happy, and our users (less cruft in the tree to rsync and metadata-cache), but causes real trouble for minority arches. 3) ?? Best regards, Stu -- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 11:57:37 -0500 Alec Warner [EMAIL PROTECTED] wrote: | I picked a random e-mail to reply to. I don't maintain that many | packages (maybe 10 or so?). But if I have a bug (particularly a sec | bug as in this case) and you haven't stablized it after five months | then I'll probably just nuke the ebuild and drop your keywords Which is dumb. There's no harm to be had in just leaving the ebuild there. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Dnia wtorek, 31 października 2006 17:04, Stephen P. Becker napisał: [snip] Don't dismiss his responses as noise from some random Gentoo user who has no idea what they are talking about. You should know better then that Stuart. -Steve This Random Gentoo user as you wrote says no noise but tried to help. From your email I read that you're Dev'tha boss and common gentoo user has nothing to add, because he is not a dev'tha boss. This list is public and everyone could write to it if he has something important to add so don't dismiss users comments because of that he is not a dev. If you don't agree with my proposal ok, but I got a right to write and you cannot take it from me. No flame at all. Just wanna help. Greets Paweł Madej pgpu9rXTCMyvw.pgp Description: PGP signature
Re: [gentoo-dev] Global USE flags (Was: mp layer global use flag)
Jim Ramsay [EMAIL PROTECTED] 31 października 2006 04:49 +0100 napisał: On Sat, Oct 28, 2006 at 05:23:50PM +0200, Arfrever wrote: In connection with latest globalization of mplayer USE flag I would like to ask for globalizing cairo, openexr and udev USE flags. These flags are used by enough amount of packages. I vote for a 'libnotify' global USE flag. It is used now by 11 packages in use.local.desc and does the same thing in all of them - Allows popups via libnotify (or dbus+notification-daemon, which amounts to the same thing). So I would like to ask for globalizing at least cairo, openexr and libnotify USE flags. -- Arfrever F. Taifersar A. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Ciaran McCreesh napsal(a): On Tue, 31 Oct 2006 11:57:37 -0500 Alec Warner [EMAIL PROTECTED] wrote: | I picked a random e-mail to reply to. I don't maintain that many | packages (maybe 10 or so?). But if I have a bug (particularly a sec | bug as in this case) and you haven't stablized it after five months | then I'll probably just nuke the ebuild and drop your keywords Which is dumb. There's no harm to be had in just leaving the ebuild there. Accumulating broken old vulnerable and unsupported junk in tree for the sole sake of arches that noone cares about enough to keyword something newer for months harms everyone who uses rsync, wastes disk space for users, wastes disk space on mirrors, makes CVS and portage slower, wastes maintainers time... No harm? Nonsense. -- Best regards, Jakub Moc mailto:[EMAIL PROTECTED] GPG signature: http://subkeys.pgp.net:11371/pks/lookup?op=getsearch=0xCEBA3D9E Primary key fingerprint: D2D7 933C 9BA1 C95B 2C95 B30F 8717 D5FD CEBA 3D9E ... still no signature ;) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 17:16:31 +0100 Stuart Herbert [EMAIL PROTECTED] wrote: Arch team leaders set policy on this issues, not Ciaran. Which they did a long time ago, which he got to know at that time, and which haven't substantively changed since then. He's as well qualified as anyone to answer, especially since he's still more closely involved than many, I would dare say most, current developers in their everyday activities. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 2006-31-10 at 17:02 +0100, Stuart Herbert wrote: This leaves package maintainers in the situation that there are 'old'/'insecure'/insert preferred adjective here versions of packages that are hanging around only because arches have fallen behind. Package maintainers want to be able to remove these old versions, but currently cannot because of keywording-lag. [...] 3) ?? What about, package maintainers remove all of the other keywords from said broken version and add a nasty ewarning message to the pkg_postinst like this version has a known security problem, dont use it, bitch to your arch team if you're not happy... -- Olivier Crête [EMAIL PROTECTED] Gentoo Developer -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 06:18:26PM +0100, Jakub Moc wrote: Sure I did... Could you tell me why should we accumulate broken and vulnerable junk in the tree for years? (Outdated ebuild A depends on junky outdated ebuild B which depends on crappy, unsupported ebuilds C, D and E which... ) Thats not the maintainer's problem but the Arch Team's problem so they are the ones that decide what to do. Either keyword it in a reasonable time or you'll lose the keyword, damn simple... Can't do it in X months? Sorry, too bad for your arch, the package is gone and users will rant (or they won't, and then you don't need the keywords in the first place). No. Arch Teams manage their keywords the way _they_ want not the way YOU or others that don't work on arch teams want. It is actually *that* simple. - ferdy -- Fernando J. Pereda Garcimartín Gentoo Developer (Alpha,net-mail,mutt,git) 20BB BDC3 761A 4781 E6ED ED0B 0A48 5B0C 60BD 28D4 pgpMx13985eWE.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 18:23:49 +0100 Jakub Moc [EMAIL PROTECTED] wrote: | Ciaran McCreesh napsal(a): | On Tue, 31 Oct 2006 11:57:37 -0500 Alec Warner [EMAIL PROTECTED] | wrote: | | I picked a random e-mail to reply to. I don't maintain that many | | packages (maybe 10 or so?). But if I have a bug (particularly a | | sec bug as in this case) and you haven't stablized it after five | | months then I'll probably just nuke the ebuild and drop your | | keywords | | Which is dumb. There's no harm to be had in just leaving the ebuild | there. | | Accumulating broken old vulnerable and unsupported junk in tree There is no accumulation. It's already there. And if packages are that bad, perhaps you should ask yourself why they have a stable keyword at all. | for the sole sake of arches that noone cares about enough to keyword | something newer for months If you're taking that argument, one could just as easily claim that the packages should be removed entirely since the arch teams don't care enough to keyword them. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 05:05:21PM +, Stephen Bennett wrote: On Tue, 31 Oct 2006 17:57:06 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Of course it does... Lots of people can't remove outdated broken cruft because $ebuild still depends on something since $arch has been slacking for months. Lots of people are forced to maintain outdated junk in this way, it's not like it's just sitting there doing nothing. Did you even read my mail? We're not asking people to maintain old stuff, just to leave it there as is until a newer one can be tested and keyworded. No he didn't, and he probably won't. I've tried to explain this at least once in #gentoo-qa and he didn't seem to *want+ to understand it. Maybe we aren't being clear enough... - ferdy -- Fernando J. Pereda Garcimartín Gentoo Developer (Alpha,net-mail,mutt,git) 20BB BDC3 761A 4781 E6ED ED0B 0A48 5B0C 60BD 28D4 pgpAzaT7s7Kvr.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Stephen Bennett napsal(a): On Tue, 31 Oct 2006 17:57:06 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Of course it does... Lots of people can't remove outdated broken cruft because $ebuild still depends on something since $arch has been slacking for months. Lots of people are forced to maintain outdated junk in this way, it's not like it's just sitting there doing nothing. Did you even read my mail? We're not asking people to maintain old stuff, just to leave it there as is until a newer one can be tested and keyworded. Sure I did... Could you tell me why should we accumulate broken and vulnerable junk in the tree for years? (Outdated ebuild A depends on junky outdated ebuild B which depends on crappy, unsupported ebuilds C, D and E which... ) Either keyword it in a reasonable time or you'll lose the keyword, damn simple... Can't do it in X months? Sorry, too bad for your arch, the package is gone and users will rant (or they won't, and then you don't need the keywords in the first place). -- Best regards, Jakub Moc mailto:[EMAIL PROTECTED] GPG signature: http://subkeys.pgp.net:11371/pks/lookup?op=getsearch=0xCEBA3D9E Primary key fingerprint: D2D7 933C 9BA1 C95B 2C95 B30F 8717 D5FD CEBA 3D9E ... still no signature ;) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 18:18:26 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Sure I did... Could you tell me why should we accumulate broken and vulnerable junk in the tree for years? (Outdated ebuild A depends on junky outdated ebuild B which depends on crappy, unsupported ebuilds C, D and E which... ) To avoid breaking the dep tree for users. Quite simple really. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Steve Dibb wrote: Ciaran McCreesh wrote: On Mon, 30 Oct 2006 22:33:26 +0100 Jakub Moc [EMAIL PROTECTED] wrote: | Ciaran McCreesh napsal(a): | | What on earth are you talking about here? And why almost 6 months | | is not enough for someone to respond on a bug with a simple | | we'll only support newer versions and don't care about MySQL | | 4.0.x any more, go drop it? | | Priorities. The arch teams could be too busy dealing with other bugs | that matter more or too busy dealing with noise bugs. | | Sorry, taking 1 minute to respond on a bug after being poked for a | couple of months is not a matter of priorities, but mere politeness | and common sense. Seriously, you can't work productively with other | people if they can't be bothered to write one sentence for months. There are an awful lot of bugs requiring an awful lot of attention... That does bring up an interesting question though -- at what point do you just ignore the arch and move on so that development can continue? I suppose if you had a nasty security verbump you needed to release, you could keyword it yourself, but for everything else, what's the best way to handle those if you are perpetually ignored? Steve I picked a random e-mail to reply to. I don't maintain that many packages (maybe 10 or so?). But if I have a bug (particularly a sec bug as in this case) and you haven't stablized it after five months then I'll probably just nuke the ebuild and drop your keywords and then change the bug title to $arch got it's keywords dropped. Now of course I'd probably e-mail your alias a couple of times letting on that this is my evil plan and to please try and get to my bug. As an arch team you may not like it; and yeah it kind of sucks. If you want your keyword back there will still be a bug open for it and the arch team can always keyword it themselves. You can ask that we make a good faith attempt to not break the arch trees, and I think thats an acceptable request. But eventually I'm going to give up waiting on you. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 17:57:06 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Of course it does... Lots of people can't remove outdated broken cruft because $ebuild still depends on something since $arch has been slacking for months. Lots of people are forced to maintain outdated junk in this way, it's not like it's just sitting there doing nothing. Did you even read my mail? We're not asking people to maintain old stuff, just to leave it there as is until a newer one can be tested and keyworded. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 17:57:06 +0100 Jakub Moc [EMAIL PROTECTED] wrote: | How exactly does this affect package maintainers, apart from the | cosmetic problems of having an old ebuild lying around? As far as I | can see, it doesn't affect the maintenance burden, | | Of course it does... Lots of people can't remove outdated broken cruft | because $ebuild still depends on something since $arch has been | slacking for months. Lots of people are forced to maintain outdated | junk in this way, it's not like it's just sitting there doing nothing. Uh, dude... If people are maintaining out of date packages, they're doing something wrong. Old packages, by and large, should *not* be modified. | So again, if some arch can't be bothered to answer keywording bugs for | months, no point in complaining that the maintainer finally gets | pissed off enough to just punt the last ebuild keyworded for that | arch. Simply leaving those ebuilds alone takes no effort. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Ciaran McCreesh wrote: On Tue, 31 Oct 2006 11:57:37 -0500 Alec Warner [EMAIL PROTECTED] wrote: | I picked a random e-mail to reply to. I don't maintain that many | packages (maybe 10 or so?). But if I have a bug (particularly a sec | bug as in this case) and you haven't stablized it after five months | then I'll probably just nuke the ebuild and drop your keywords Which is dumb. There's no harm to be had in just leaving the ebuild there. I'm just trying to make my life as an ebuild maintainer easier. This means some individuals may file bugs against an old crusty version of a package that I maintain because $arch hasn't keyworded a newer version yet. Then I have to tell the user that they are using a crusty old version and to use a newer one. Double bonus if they are actually using said $arch and need to keyword the newer version themselves. I'll admit I've never had to drop keywords on anything thus far; I'm merely stating what I would do in such a situation. Your point prior was that you weren't asking maintainers to maintain anything extra, but to leave the old ebuilds in place for the given $arches. The small issue is that ebuilds in place imply maintainership; even if it's just to tell the user to use a newer version. On the topic of old ebuilds; situations may arise where a particular maintainer is trying to clean out a version of a package but finds that $arch doesn't have anything newer stable and thus can't do any sort of cleanup for fear of breaking $arch. You will probably again state that maintainer should just leave the older versions around. I will state that at least as a maintainer I'm willing to do so for only a limited period of time. Otherwise it becomes an annoyance when trying to clean up after packages to have ebuilds from three or four minor versions ago lying around. So we disagree on this point. Thats ok too I think ;) -Alec Warner [EMAIL PROTECTED] -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
Ciaran McCreesh napsal(a): | Accumulating broken old vulnerable and unsupported junk in tree There is no accumulation. It's already there. And if packages are that bad, perhaps you should ask yourself why they have a stable keyword at all. Eh, sure there won't be any accumulation of broken junk _if_ the ebuild never gets a version bump. (Then it should probably be removed altogether after a reasonable period of time once it gets broken). That's not what are we talking about here. Otherwise, apparently the junk accumulates there. As an example - it's really wonderful to have 3 KDE slots plus multiple versions for each in the tree just because some arch team hasn't keyworded/stabilized anything newer for ages. Makes everything faster and all... | for the sole sake of arches that noone cares about enough to keyword | something newer for months If you're taking that argument, one could just as easily claim that the packages should be removed entirely since the arch teams don't care enough to keyword them. See above, perhaps? And, we have some ebuilds without any keywords in the tree? If we do, then yes, they should be removed. -- Best regards, Jakub Moc mailto:[EMAIL PROTECTED] GPG signature: http://subkeys.pgp.net:11371/pks/lookup?op=getsearch=0xCEBA3D9E Primary key fingerprint: D2D7 933C 9BA1 C95B 2C95 B30F 8717 D5FD CEBA 3D9E ... still no signature ;) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 08:57:01 +0100 Paweł Madej [EMAIL PROTECTED] wrote: | I'm not a dev but I suppose i got resolution for that problem. Lets | make another subproject (don't know how to name it properly) in | bugzilla in which there will be only bugs affected by security flaw. | That bugs will have highest priority from every other ones. And devs | would have to look at them firstly Uh, security bugs are not the highest priority. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Ciaran McCreesh wrote: On Tue, 31 Oct 2006 18:50:58 +0100 Jakub Moc [EMAIL PROTECTED] wrote: | Stephen Bennett napsal(a): | On Tue, 31 Oct 2006 18:18:26 +0100 | Jakub Moc [EMAIL PROTECTED] wrote: | | Sure I did... Could you tell me why should we accumulate broken and | vulnerable junk in the tree for years? (Outdated ebuild A depends | on junky outdated ebuild B which depends on crappy, unsupported | ebuilds C, D and E which... ) | | To avoid breaking the dep tree for users. Quite simple really. | | Ah. That's apparently much more important than not breaking users by | providing them w/ non-vulnerable, decently uptodate stuff that's not | ridden by tons of bugs. Yup. :P So if it's ridden by tons of bugs, why did it ever get marked stable? Sometimes bugs are discovered after a stable marking, such as security bugs. You of all people know how crappy some software developers are at releasing bug-free software. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 18:50:58 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Ah. That's apparently much more important than not breaking users by providing them w/ non-vulnerable, decently uptodate stuff that's not ridden by tons of bugs. Yup. :P You've never worked on an arch team, have you? -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 2006-10-31 at 18:23 +0100, Jakub Moc wrote: Ciaran McCreesh napsal(a): On Tue, 31 Oct 2006 11:57:37 -0500 Alec Warner [EMAIL PROTECTED] wrote: | I picked a random e-mail to reply to. I don't maintain that many | packages (maybe 10 or so?). But if I have a bug (particularly a sec | bug as in this case) and you haven't stablized it after five months | then I'll probably just nuke the ebuild and drop your keywords Which is dumb. There's no harm to be had in just leaving the ebuild there. Accumulating broken old vulnerable and unsupported junk in tree for the sole sake of arches that noone cares about enough to keyword something newer for months harms everyone who uses rsync, wastes disk space for users, wastes disk space on mirrors, makes CVS and portage slower, wastes maintainers time... No harm? Nonsense. Well, there's a bit more to it than noone cares about. Biggest problem I have seen (although seldom) is when the fixed version is broken for us. In such cases, we will note the problem on the bug, but obviously will not keyword the fixed version, and we need the old version until the package maintainer corrects the problem. Thus, we have no control over any 5 month, 6 month, forever rule. Regards, Ferris -- Ferris McCormick (P44646, MI) [EMAIL PROTECTED] Developer, Gentoo Linux (Devrel, Sparc) signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 06:50:58PM +0100, Jakub Moc wrote: Ah. That's apparently much more important than not breaking users by providing them w/ non-vulnerable, decently uptodate stuff that's not ridden by tons of bugs. Yup. :P Why do you keep trying to tell arch maintainers how to do their job ? Do I tell you how to do yours ? Users of security-supported archs are not affected so what's your point again ? Assuming you have a valid one, of course, so please don't come back with that maintainters don't want to maintain old/broken stuff kind of argument. I'm both an arch-maintainer and ebuild-maintainer and don't see a problem here... so from your _vast_ experience as both an ebuild-maintainer and arch-maintainer, what's the problem? - ferdy -- Fernando J. Pereda Garcimartín Gentoo Developer (Alpha,net-mail,mutt,git) 20BB BDC3 761A 4781 E6ED ED0B 0A48 5B0C 60BD 28D4 pgpnAnd6PQL1B.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 07:12:58PM +0100, Jakub Moc wrote: Oh well, this apparently doesn't go anywhere, slacking is just wonderful, maintainers should just STFU and obey the almighty slacking arches, security is the least of a concern and no priority, not answering a on bug for half a year makes lots of sense and all is fine and dandy. More cruft in the tree for t3h win. Yeah, we are so slackers that we are able to maintain a whole tree of keywords with less than 10 persons and less than 10 machines (alpha example). You probably want a shell account on a mips/alpha/... machine so you can start helping, right? - ferdy -- Fernando J. Pereda Garcimartín Gentoo Developer (Alpha,net-mail,mutt,git) 20BB BDC3 761A 4781 E6ED ED0B 0A48 5B0C 60BD 28D4 pgpDeqfGu4dZh.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 19:12:58 +0100 Jakub Moc [EMAIL PROTECTED] wrote: Oh well, this apparently doesn't go anywhere, slacking is just wonderful, maintainers should just STFU and obey the almighty slacking arches, security is the least of a concern and no priority, not answering a on bug for half a year makes lots of sense and all is fine and dandy. More cruft in the tree for t3h win. When you can find a group that can maintain keywords for the entire tree with fewer than ten people and a similar number of machines averaging 500-600MHz each (to take alpha as an example), or approximately three active devs with machines averaging below 300MHz (mips), then you can accuse the arch teams of slacking. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: 3) ?? Get your hands on some of the minority arch hardware and help out? Remember that some of the teams in question are sometimes only one or two people. In this case, a single developer does make a dramatic difference. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tuesday 31 October 2006 19:51, Chris Gianelloni wrote: Remember that some of the teams in question are sometimes only one or two people. Like x86? :P -- Diego Flameeyes Pettenò - http://farragut.flameeyes.is-a-geek.org/ Gentoo/Alt lead, Gentoo/FreeBSD, Video, Sound, ALSA, PAM, KDE, CJK, Ruby ... pgpHpEwh2pa69.pgp Description: PGP signature
Re: [gentoo-dev] Take this motha to IRC lolz
On Tue, 31 Oct 2006 10:45:02 -0800 Chris White [EMAIL PROTECTED] wrote: | Alright kids, you've been emailing back and forth since 7AM my time | in a frequence of about 5 minute intervals. Just take this motha to | IRC already. Please stop adding to the noise with these worthless posts. You've been doing it a lot lately, and it doesn't contribute anything to the discussion. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 2006-10-31 at 20:06 +0100, Diego 'Flameeyes' Pettenò wrote: On Tuesday 31 October 2006 19:51, Chris Gianelloni wrote: Remember that some of the teams in question are sometimes only one or two people. Like x86? :P With Opfer on the team, I think we're at 5 active. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Only you can prevent broken portage trees
Fernando J. Pereda napsal(a): On Tue, Oct 31, 2006 at 07:12:58PM +0100, Jakub Moc wrote: Oh well, this apparently doesn't go anywhere, slacking is just wonderful, maintainers should just STFU and obey the almighty slacking arches, security is the least of a concern and no priority, not answering a on bug for half a year makes lots of sense and all is fine and dandy. More cruft in the tree for t3h win. Yeah, we are so slackers that we are able to maintain a whole tree of keywords with less than 10 persons and less than 10 machines (alpha example). You probably want a shell account on a mips/alpha/... machine so you can start helping, right? This whole frickin' debate started when vivo mentioned a bug where noone from the concerned arches gave a damn for half a year. Not even uttering a simple we don't care, punt it or we have still an issue with this and are working on it. Then ciaranm came w/ his priorities junk, spb joined to fuel the flame (as always) and then you came horribly offended (for whatever weird reason) about how I'm daring to dictate some arches how they should do their job. OMG how hard is it to post one sentence on such bugs instead of playing a dead horse? Really, stop this nonsense. -- Best regards, Jakub Moc mailto:[EMAIL PROTECTED] GPG signature: http://subkeys.pgp.net:11371/pks/lookup?op=getsearch=0xCEBA3D9E Primary key fingerprint: D2D7 933C 9BA1 C95B 2C95 B30F 8717 D5FD CEBA 3D9E ... still no signature ;) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Take this motha to IRC lolz
On Tue, Oct 31, 2006 at 06:53:20PM +, Ciaran McCreesh wrote: On Tue, 31 Oct 2006 10:45:02 -0800 Chris White [EMAIL PROTECTED] wrote: | Alright kids, you've been emailing back and forth since 7AM my time | in a frequence of about 5 minute intervals. Just take this motha to | IRC already. Please stop adding to the noise with these worthless posts. You've been doing it a lot lately, and it doesn't contribute anything to the discussion. Hm, seems -dev is choking under that thread already, i never received the email you responded to. So perhaps taking it to irc really is a good idea... cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgpjD3BccusVU.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Hi Chris, On 10/31/06, Chris Gianelloni [EMAIL PROTECTED] wrote: On Tue, 2006-10-31 at 17:02 +0100, Stuart Herbert wrote: 3) ?? Get your hands on some of the minority arch hardware and help out? It's a good idea. It's not an option for me, but hopefully others will follow your advice. Personally, I like the idea of package maintainers updating old ebuilds with a prominent warning that the package is known to have security holes, and then leaving it to the user to decide whether or not to use the package. A suitable elog message (pointing the user at the security bugs in question, and warning them that the package is now unsupported as a result) in pkg_setup would do the trick. If there's any interest in this solution, it'd wouldn't take very long to add a suitable function to the eutils eclass, so that we can standardise the behaviour. Of course, it'd be even better if Portage itself could support this, so that the warning could occur without manual intervention. But in the meantime, adding a simple 'einsecure' function would be sufficient. Any interest? Best regards, Stu -- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 08:42:54PM +0100, Jakub Moc wrote: Fernando J. Pereda napsal(a): On Tue, Oct 31, 2006 at 07:12:58PM +0100, Jakub Moc wrote: Oh well, this apparently doesn't go anywhere, slacking is just wonderful, maintainers should just STFU and obey the almighty slacking arches, security is the least of a concern and no priority, not answering a on bug for half a year makes lots of sense and all is fine and dandy. More cruft in the tree for t3h win. Yeah, we are so slackers that we are able to maintain a whole tree of keywords with less than 10 persons and less than 10 machines (alpha example). You probably want a shell account on a mips/alpha/... machine so you can start helping, right? This whole frickin' debate started when vivo mentioned a bug where noone from the concerned arches gave a damn for half a year. Not even uttering a simple we don't care, punt it or we have still an issue with this and are working on it. Then ciaranm came w/ his priorities junk, spb joined to fuel the flame (as always) and then you came horribly offended (for whatever weird reason) about how I'm daring to dictate some arches how they should do their job. OMG how hard is it to post one sentence on such bugs instead of playing a dead horse? Really, stop this nonsense. Yes please stop your friggin nonsense when you have absolutely no idea wtf you're talking about. Arch teams are doing everything they can to keep up with bugs but have to take care of things according to how important they are to the team in question. Please go back to bug-wrangling and let the arch teams do their job without throwing all that garbage at us all the time. Regards, Bryan Østergaard -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
OK kids, settle down for a second and listen to your uncle Seemant. First, enough with the insults being hurled around! We don't need people being called slackers and dumb and stupid and whatever other creative labels are being developed. That is absolutely and without a doubt: non-productive. The better alternative might be to approach people with a modicum of respect (swallow the bile). Second, there's an obvious point of frustration here. The arch teams due to being understaffed have a different set of priorities from the security team and a different set of priorities from the maintainers. And this is the correct way for these things to be. Third, the best proposal I've seen here is for developers to get shell accounts on alternate architectures. There's quite a few of them floating around, and I'm pretty sure the arch teams will help you get a shell on one of the boxes somewhere. Some of the arches even have shell boxes for that purpose sitting at OSU or something. This would work for at least the console applications (the visual stuff will be a little trickier). So, that said, I'm going to have to go with the standard advice that Gentoo developers give Gentoo users: if you see a problem, help fix it! Alternatively, there might be reason to have an einsecure() call in pkg_setup() or something for deprecated versions. But let me say again: stop acting disrespectfully of each other, or I'm going to turn this car around and drive us back home, I'm not kidding! And give me some of that popcorn. -- Seemant Kulleen Developer, Gentoo Linux -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, Oct 31, 2006 at 03:23:00PM -0500, Seemant Kulleen wrote: Third, the best proposal I've seen here is for developers to get shell accounts on alternate architectures. There's quite a few of them floating around, and I'm pretty sure the arch teams will help you get a shell on one of the boxes somewhere. Some of the arches even have shell boxes for that purpose sitting at OSU or something. This would work for at least the console applications (the visual stuff will be a little trickier). Just to add a little thing here: Arch teams have been using vnc through ssh to test visual stuff like gnome, kde, xfce and their respective mothers, for years. So testing visual stuff remotely *is* possible. - ferdy -- Fernando J. Pereda Garcimartín Gentoo Developer (Alpha,net-mail,mutt,git) 20BB BDC3 761A 4781 E6ED ED0B 0A48 5B0C 60BD 28D4 pgpZgswJbGLmJ.pgp Description: PGP signature
Re: [gentoo-dev] Only you can prevent broken portage trees
On Tue, 31 Oct 2006 21:34:13 +0100 Fernando J. Pereda [EMAIL PROTECTED] wrote: | On Tue, Oct 31, 2006 at 03:23:00PM -0500, Seemant Kulleen wrote: | Third, the best proposal I've seen here is for developers to get | shell accounts on alternate architectures. There's quite a few of | them floating around, and I'm pretty sure the arch teams will help | you get a shell on one of the boxes somewhere. Some of the arches | even have shell boxes for that purpose sitting at OSU or | something. This would work for at least the console applications | (the visual stuff will be a little trickier). | | Just to add a little thing here: | | Arch teams have been using vnc through ssh to test visual stuff like | gnome, kde, xfce and their respective mothers, for years. | | So testing visual stuff remotely *is* possible. Kind of... You won't, for example, have picked up the endian bug in urxvt by doing that. -- Ciaran McCreesh Mail: ciaranm at ciaranm.org Web : http://ciaranm.org/ as-needed is broken : http://ciaranm.org/show_post.pl?post_id=13 signature.asc Description: PGP signature
[gentoo-dev] Call For Interest: Scale5x
Scale5X announcement just hit my inbox, so away we go. Scale 5X will be taking place at: http://www.starwoodhotels.com/westin/property/overview/index.html?propertyID=1005 The Westin Los Angeles Airport from Feb. 10-11 2007 (That's a Saturday/Sunday). I had strong plans on going, but with recent project deadlines being shifted around, I'm not sure if I'll be able to attend. However I'd like to pass on information if we have people willing to do the boothing stuff. I'll try and get more information together soon. The physical specifications, etc. of the booths were given pretty late last year, but I'll try and find out if they have some remote idea. -- Chris White Gentoo Developer aka: xx (Scissors Were Here) xx pgpl9Ce7WRmJ4.pgp Description: PGP signature
Re: [gentoo-dev] Call For Interest: Scale5x
On Tue, 2006-10-31 at 14:36 -0800, Chris White wrote: Scale5X announcement just hit my inbox, so away we go. Scale 5X will be taking place at: http://www.starwoodhotels.com/westin/property/overview/index.html?propertyID=1005 The Westin Los Angeles Airport from Feb. 10-11 2007 (That's a Saturday/Sunday). I had strong plans on going, but with recent project deadlines being shifted around, I'm not sure if I'll be able to attend. However I'd like to pass on information if we have people willing to do the boothing stuff. I'll try and get more information together soon. The physical specifications, etc. of the booths were given pretty late last year, but I'll try and find out if they have some remote idea. Ah, sorry! Graham, the community coordinator for Scale already asked us to be present some while back and I said 'Ya.' I know myself, nightmorph, probably omp, perhaps spb atleast are intending to man the booth. :) -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Call For Interest: Scale5x
Peter Johanson wrote: LA is easy for me, living in OC. Will try my hardest to make this/help out. -pete Latexer... you're still dead to me for leaving NY for OC as you term it. It pains me to have to tell you this. -- Doug Goldstein [EMAIL PROTECTED] http://dev.gentoo.org/~cardoe/ signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Only you can prevent broken portage trees
Francesco Riosa ha scritto: [...] http://bugs.gentoo.org/show_bug.cgi?id=149626 I'm going to die then, scheduled on 2006-11-05 If keywording without archs support is only gambling I'll go that route [...] Worried that this can cause a flameware I already updated the ebuild: - it now use the eclass - the only stable keywords now are those of the arch not having a better version please don't tell anyone, I'm really worried it can cause a flamefest. in the meantime the ~sparc-fbsd keyword reached the package, very happy for that :) but I've keyworded DBI and DBD (perl stuff) to satisfy the deps. Repoman was stil complaining about missin KEY on '=perl-core/Sys-Syslog-0.17' '=dev-perl/PlRPC-0.2' on dev-perl/DBI ciao, Francesco -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Call For Interest: Scale5x
Christel Dahlskjaer wrote: Ah, sorry! Graham, the community coordinator for Scale already asked us to be present some while back and I said 'Ya.' I know myself, nightmorph, probably omp, perhaps spb atleast are intending to man the booth. :) Although I'm not completely sure yet, I am assuming that I should be able to attend, as I live only ~25 miles away from LAX. Looking forward to it. :) -- David Shakaryan GnuPG Public Key: 0x4B8FE14B signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Call For Interest: Scale5x
I'm in the northern part of Orange County, so this is a rather small trip for me to get there. Assuming all is well, I may (hopefully) be able to attend at least one of the days! Woo! -- Peter Gordon (codergeek42) Gentoo Forums Global Moderator GnuPG Public Key ID: 0xFFC19479 / Fingerprint: DD68 A414 56BD 6368 D957 9666 4268 CB7A FFC1 9479 My Blog: http://thecodergeek.com/blog/ signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Call For Interest: Scale5x
On Tue, 2006-10-31 at 16:41 -0800, David Shakaryan wrote: Although I'm not completely sure yet, I am assuming that I should be able to attend, as I live only ~25 miles away from LAX. Looking forward to it. :) Lunch at BURGER KING. Awesome. :D -- Peter Gordon (codergeek42) Gentoo Forums Global Moderator GnuPG Public Key ID: 0xFFC19479 / Fingerprint: DD68 A414 56BD 6368 D957 9666 4268 CB7A FFC1 9479 My Blog: http://thecodergeek.com/blog/ -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Call For Interest: Scale5x
Peter Gordon wrote: On Tue, 2006-10-31 at 16:41 -0800, David Shakaryan wrote: Although I'm not completely sure yet, I am assuming that I should be able to attend, as I live only ~25 miles away from LAX. Looking forward to it. :) Lunch at BURGER KING. Awesome. :D Indeed! That's the top priority for Chris and me. ;) -- David Shakaryan GnuPG Public Key: 0x4B8FE14B signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Call For Interest: Scale5x
On Tue, 31 Oct 2006, Chris White wrote: Scale5X announcement just hit my inbox, so away we go. Scale 5X will be taking place at: http://www.starwoodhotels.com/westin/property/overview/index.html?propertyID=1005 The Westin Los Angeles Airport from Feb. 10-11 2007 (That's a Saturday/Sunday). I had strong plans on going, but with recent project deadlines being shifted around, I'm not sure if I'll be able to attend. However I'd like to pass on information if we have people willing to do the boothing stuff. I'm going! I've been to every SCALE except for last year, when my sister-in-law inconsiderately chose to hold her wedding on the same weeked in another state ;P For those of you still trying to decide, I highly recommend it as a conference. For me it was much more fun than LWE west coast. High-lights in the past have included talks from Robert Love, Andrew Morton, Andrew Tridgell... -- gentoo-dev@gentoo.org mailing list
