Re: [gentoo-dev] Add GOBIN to ENV_UNSET in make.defaults
On 10/20/2018 04:21 AM, Pacho Ramos wrote: > It seems that random values in GOBIN can affect the building of some packages: > https://bugs.gentoo.org/631776 > https://bugs.gentoo.org/636506 > https://bugs.gentoo.org/638572 > > I would then append it to ENV_UNSET in make.defaults to get that variable > unset > without needing to do the same for every ebuild that could be affected by this > > Any issues against this? Seems reasonable, since the only purpose of GOBIN is to override the directory where 'go install' will install a command. If we unset it unconditionally, it means that the location will predictably default to GOPATH/bin, which is exactly what we want. We could handle it in the golang-build_src_install function, but that wouldn't cover things that call 'go install' via a script or Makefile. > Thanks > -- Thanks, Zac signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Is there any way I can help with pull requests?
On 10/20/2018 04:05 AM, Mikle Kolyada wrote: > > ... > Ok, thanks for clarifying. I wanted to be sure that I wasn't getting anyone into trouble by suggesting that they look into the quizzes (if they are really willing to put in the effort).
Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
On Sat, Oct 20, 2018 at 8:19 AM Andreas Sturmlechner wrote: > > On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote: > > ARM is not a Gentoo security supported arch. > > > > If the ARM maintainers feel that stable keywords make the lives of > > their users better, and it isn't causing problems for anybody else, > > I'm not sure why we should be interfering with this. > > That's interesting. If it's not security supported, does that mean we can > simply clean up vulnerable versions and drop every arm revdep to ~arm? > > Or are we supposed to keep vulnerable versions around and drop every keyword > except arm? > Setting aside the security supported flag that was already discussed, there is also a council decision regarding this general topic [1]. The only issue is that I'm not certain if it was intended to apply to ARM, or only to specific arches [2]. The last policy was: "If a maintainer has an open STABLEREQ, or a KEYWORDREQ blocking a pending STABLEREQ, for 90 days with archs CCed and otherwise ready to be stabilized, the maintainer can remove older versions of the package at their discretion. A package is considered ready to be stabilized if it has been in the tree for 30 days, and has no known major flaws on arches that upstream considers supported." [1] IMO that was written generically enough that it could apply anywhere, but that is up to the Council. In theory it could even be safely applied to x86/amd64, especially since maintainers can self-stabilize/keyword on those arches typically. [1] - https://projects.gentoo.org/council/meeting-logs/20131119-summary.txt [2] - https://projects.gentoo.org/council/meeting-logs/20130917-summary.txt -- Rich
Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
On 20.10.2018 15:26, Andreas Sturmlechner wrote: > On Samstag, 20. Oktober 2018 14:22:04 CEST Mikle Kolyada wrote: >> No, keywords status is irrelevant, it is for the security team meaning >> that they can >> release a glsa w/o waiting for the stabilization of the security >> unsupported arches > In my experience glsa only happens after cleanup, and cleanup only happens > after every arch was done. > > > that's not mandatory, that is what security support means
Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
On Samstag, 20. Oktober 2018 14:22:04 CEST Mikle Kolyada wrote: > No, keywords status is irrelevant, it is for the security team meaning > that they can > release a glsa w/o waiting for the stabilization of the security > unsupported arches In my experience glsa only happens after cleanup, and cleanup only happens after every arch was done.
Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
On 20.10.2018 15:19, Andreas Sturmlechner wrote: > On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote: >> ARM is not a Gentoo security supported arch. >> >> If the ARM maintainers feel that stable keywords make the lives of >> their users better, and it isn't causing problems for anybody else, >> I'm not sure why we should be interfering with this. > That's interesting. If it's not security supported, does that mean we can > simply clean up vulnerable versions and drop every arm revdep to ~arm? > > Or are we supposed to keep vulnerable versions around and drop every keyword > except arm? > > Either way means extra care for this arch. > > > > No, keywords status is irrelevant, it is for the security team meaning that they can release a glsa w/o waiting for the stabilization of the security unsupported arches signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] net-dns/dnssec-root: Blind stable on arm, critical bug 667774
On Freitag, 12. Oktober 2018 14:50:55 CEST Rich Freeman wrote: > ARM is not a Gentoo security supported arch. > > If the ARM maintainers feel that stable keywords make the lives of > their users better, and it isn't causing problems for anybody else, > I'm not sure why we should be interfering with this. That's interesting. If it's not security supported, does that mean we can simply clean up vulnerable versions and drop every arm revdep to ~arm? Or are we supposed to keep vulnerable versions around and drop every keyword except arm? Either way means extra care for this arch.
[gentoo-dev] Add GOBIN to ENV_UNSET in make.defaults
It seems that random values in GOBIN can affect the building of some packages: https://bugs.gentoo.org/631776 https://bugs.gentoo.org/636506 https://bugs.gentoo.org/638572 I would then append it to ENV_UNSET in make.defaults to get that variable unset without needing to do the same for every ebuild that could be affected by this Any issues against this? Thanks signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [RFC] Removing barely used global flags
On Sat, 20 Oct 2018 12:41:03 +0200 Michał Górny wrote: > We seem to have a lot of global flags that are used only by a few > packages. How about moving them to local flags? List of flags with > less than 5 packages using them, ordered by use count, follows. Where > applicable, local flag descriptions are listed. I'm mostly in favour. Only a handful in the '3 uses' category strike me as useful because they seem likely to be used by other packages in future. ( matroska ) It would also be curious to see this list reorganised by cat/pn useflag(arity) Particularly because it seems a lot of those global useflags have php as their primary offender. pgpP9yeOmJVhE.pgp Description: OpenPGP digital signature
[gentoo-dev] [RFC] Removing barely used global flags
Hi, We seem to have a lot of global flags that are used only by a few packages. How about moving them to local flags? List of flags with less than 5 packages using them, ordered by use count, follows. Where applicable, local flag descriptions are listed. bcmath (1 uses): dev-lang/php: (global) boundschecking (1 uses): sys-devel/gcc: (global) bsf (1 uses): dev-java/ant: (global) ctype (1 uses): dev-lang/php: (global) directfb (1 uses): media-libs/libggi: (global) enscript (1 uses): www-apps/websvn: (global) evo (1 uses): net-mail/lbdb: (global) foomaticdb (1 uses): net-print/lprng: (global) inifile (1 uses): dev-lang/php: (global) iwmmxt (1 uses): x11-libs/pixman: (global) memlimit (1 uses): app-emulation/fuse: (global) migemo (1 uses): www-client/jd: (global) mozilla (1 uses): app-crypt/johntheripper: Support mozilla password cracking netboot (1 uses): sys-boot/grub: (global) pcntl (1 uses): dev-lang/php: (global) seamonkey (1 uses): sci-chemistry/ghemical: (global) sharedmem (1 uses): dev-lang/php: (global) shorten (1 uses): media-sound/shntool: (global) simplexml (1 uses): dev-lang/php: (global) sybase (1 uses): dev-db/sqldeveloper: (global) sybase-ct (1 uses): dev-lang/php: (global) sysvipc (1 uses): dev-lang/php: (global) tokenizer (1 uses): dev-lang/php: (global) wddx (1 uses): dev-lang/php: (global) yaz (1 uses): kde-misc/tellico: (global) big-endian (2 uses): dev-haskell/skein: When manually selecting the endianness, use big- endian (default is little-endian) dev-java/icedtea-bin: (global) bootstrap (2 uses): dev-lang/gnat-gpl: (global) sys-devel/gcc-apple: (global) cscope (2 uses): app-editors/gvim: (global) app-editors/vim: (global) dbm (2 uses): app-misc/note: (global) www-servers/ocsigenserver: (global) flatfile (2 uses): dev-lang/php: (global) net-mail/tpop3d: Enable authentication against /etc/passwd-style flat files gcj (2 uses): dev-lang/gnat-gpl: (global) sys-devel/gcc: (global) icq (2 uses): net-im/ayttm: (global) net-im/telepathy-connection-managers: (global) libwww (2 uses): dev-perl/POE: (global) dev-tex/html2latex: (global) milter (2 uses): app-antivirus/clamav: (global) mail-filter/dcc: (global) mime (2 uses): dev-libs/glib: Pull in shared MIME database that many glib-based applications require at runtime to detect or open files. Warning: do not disable this flag unless installing on a headless server. net-nntp/tin: (global) mule (2 uses): app-editors/xemacs: (global) app-xemacs/xemacs-packages-all: (global) oci8-instant-client (2 uses): dev-lang/php: (global) dev-php/PEAR-MDB2: (global) plotutils (2 uses): media-gfx/pstoedit: (global) sci-electronics/gwave: (global) ppds (2 uses): net-print/cups-pdf: (global) net-print/gutenprint: (global) prelude (2 uses): net-analyzer/nessus-core: (global) net-firewall/nufw: (global) recode (2 uses): app-i18n/enca: (global) dev-lang/php: (global) uclibc (2 uses): app-antivirus/clamav: (global) x11-wm/icewm: (global) 3dfx (3 uses): games-fps/unreal-tournament: (global) games-fps/unreal-tournament-goty: (global) media-libs/libggi: (global) apm (3 uses): app-laptop/laptop-mode-tools: (global) app-misc/lcd4linux: Enable the APM plugin. x11-plugins/wmbattery: (global) cdb (3 uses): app-i18n/skk-jisyo: (global) dev-lang/php: (global) mail-mta/postfix: (global) freetds (3 uses): dev-libs/apr-util: (global) dev-qt/qtsql: (global) net-misc/asterisk: (global) jingle (3 uses): kde-apps/kopete: (global) net-im/gajim: (global) net-voip/telepathy-gabble: (global) matroska (3 uses): media-video/h264enc: (global) media-video/ogmrip: (global) media-video/vlc: Enable matroska support using reference libraries (fallback on other existing matroska support if disabled, i.e., matroska enabled FFmpeg) msn (3 uses): net-im/ayttm: (global) net-im/bitlbee: (global) net-im/telepathy-connection-managers: (global) musicbrainz (3 uses): kde-apps/libkcddb: (global) media-sound/abcde: (global) media-sound/cantata: (global) neXt (3 uses): app-editors/gvim: (global) app-editors/xemacs: (global) app-text/xdvik: (global) nocd (3 uses): games-action/descent3: (global) games-action/fakk2: (global) games-strategy/heroes3: (global) oscar (3 uses): kde-apps/kopete: (global) net-im/ayttm: (global) net-im/bitlbee: (global) pcmcia (3 uses): sci-libs/linux-gpib: (global) sci-libs/linux-gpib-modules: (global) sys-firmware/atmel-firmware: (global) pda (3 uses): mail-client/claws-mail: (global) mail-client/sylpheed: (global) net-mail/lbdb: (global) plasma (3 uses): dev-util/kdevelop: (global) net-misc/smb4k: (global) x11-themes/qtcurve: (global) posix (3 uses): dev-lang/php: (global) dev-scheme/scm: (global) net-irc/inspircd: Adds support for POSIX-compatible functions qmail-spp (3 uses): mail-mta/netqmail: (global)
Re: [gentoo-dev] Is there any way I can help with pull requests?
On 20.10.2018 03:33, Michael Orlitzky wrote: > On 10/13/2018 02:32 PM, Mikle Kolyada wrote: >> Quizzes are irrelevant, a person does the quizzes when he/she is >> ready to be the dev, doing quizzes for quizzes or quizzes to become a >> developer is the best way to get rejected by the recruiters team. > I thought this was kind of a strange thing to say, but just ignored > it... not realizing that you were the recruiters lead. Well, people know that recruiters have the opinion about quizzes, so they think it is pointless to discuss :) > > Why do you say that working on the quizzes will get you rejected? I had > a very positive experience while taking them and learned a lot. The main problem is that lots of (not all) people think, if they have quizzes done, they are ready to be developers, some of them even think if they copy-pasted the answer and give us the quote it is ok and they will pass. The answer for both statements is no. > I've > recommended them to potential contributors in the past as a way to > highlight the areas where they might need to improve, and to generally > improve their knowledge of the devmanual. Quzzes are being treated as an obstacle to be a dev, like "wow, I have to answer so much questions to be the dev, I have no time for this". The short answer is: "if you have no time to fill quizzes you are not ready to be the dev", people who are ready spend very little amount of time filling them with zero difficulty. > > Once the new developer finds a mentor, I would think it saves everyone > valuable time if he has a first draft of the quiz prepared. > signature.asc Description: OpenPGP digital signature
