Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-20 Thread James Cloos
 BdG == Ben de Groot yng...@gentoo.org writes:

BdG On 14 March 2010 06:09, James Cloos cl...@jhcloos.com wrote:
 BdG == Ben de Groot yng...@gentoo.org writes:
 
BdG Abandoned packages do not belong in the portage tree.
 
 Nonsense.  That attitude only serves to harm the user base.

BdG You're wrong. It serves to protect our users from potentially
BdG broken and vulnerable packages.

Any user who needs *that* much hand-holding will use a binary dist,
not a source dist.

BdG It ascertains a Quality Assurance level that we and our users can
BdG be comfortable with.

No, it does not.  The user base for a build-locally-from-source dist
wants wider access, not just a few packages.  

 Leaving them in does not.

BdG It does, as it opens the users up to unknown security
BdG vulnerabilities and increasing brokenness as bugs are
BdG not addressed.

Removing the ebuilds does not help that even one bit.  IF they do not
use those programs, they are not harmed even if there is some (real)
vulnerability -- and don't forget that most of the vulnerability claims
are for things which will never happen in practice.  (Which is not to
suggest that upstreams shouldn't code defensively, just that not every
warning is critical enough to lose sleep over.)

BdG If Gentoo would stop caring about QA, then we'd be wasting
BdG our time working on making this a better distro.

Removing ebuilds is not in itself QA.  It does not in itself improve
quality.  There has to be a real reason to remove.

Removing a leaf package which has been replaced by its upstream, whether
by a simple rename or by a complete re-implementation or anywhere
in between, is a good call.

Removing a widely-used, well-designed and well-managed library and
everything which depends on it, just because upstream has stopped
dealing with bug reports against that version, is not.  The likelihood
that any significant issues remain in qt3 is small.  The relevant apps
work, have been working and will continue to work.

I will not begrudge the kde team for wanting to support only kde4.

Dropping kde3 in favour of kde4 is just an upgrade.

But dropping qt3 even though packages exist which depend on it and have
not been ported to qt4 (and it *is* a /port/, *not* an /upgrade/) is
simply the wrong thing to do.

It is also OK to mask -- but not necessarily remove -- a package with a
truly exploitable bug; more so if the package is itself security-related.
That means real exploits in the wild, real attempts to do harm.

The so-called qa team has been acting too robotically.  It needs to show
more common sense and better judgement.  Worry about the real problems,
not the trivial.  Work to fix packages, not to murder them.

-JimC
-- 
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6




Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-14 Thread Ben de Groot
On 14 March 2010 06:09, James Cloos cl...@jhcloos.com wrote:
 BdG == Ben de Groot yng...@gentoo.org writes:

 BdG Abandoned packages do not belong in the portage tree.

 Nonsense.  That attitude only serves to harm the user base.

You're wrong. It serves to protect our users from potentially
broken and vulnerable packages. It ascertains a Quality
Assurance level that we and our users can be comfortable
with.

 Leaving them in does not.

It does, as it opens the users up to unknown security
vulnerabilities and increasing brokenness as bugs are
not addressed.

If Gentoo would stop caring about QA, then we'd be wasting
our time working on making this a better distro.

Cheers,
-- 
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-13 Thread James Cloos
 BdG == Ben de Groot yng...@gentoo.org writes:

BdG Abandoned packages do not belong in the portage tree.

Nonsense.  That attitude only serves to harm the user base.

Leaving them in does not.

-JimC
-- 
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-13 Thread Maciej Mrozowski
On Sunday 14 of March 2010 06:09:44 James Cloos wrote:
  BdG == Ben de Groot yng...@gentoo.org writes:
 BdG Abandoned packages do not belong in the portage tree.
 
 Nonsense.  That attitude only serves to harm the user base.
 
 Leaving them in does not.

But leaving them broken and unmaintained in the main repository harms Gentoo
quality and image.
The user base is welcome to step up and help with maintenance, and that's what
the guys in the kde-sunsite overlay actually do.

So... patches welcome! Thanks!

-- 
regards
MM



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Denis Dupeyron
On Fri, Mar 12, 2010 at 6:18 AM, Robert Bradbury
robert.bradb...@gmail.com wrote:
 It would appear that the pending (0321) mask of Qt3 will break
 sci-misc/qcad, sci-chemistry/xdrawchem and x11-misc/glunarclock.

I'm not concerned but I feel sympathy for those who use these packages
and many others. The decision from the qt project to remove qt3 and
all its dependencies from the tree is suboptimal to say the least. A
library project should be at the service of those using the library,
not dictating to those using it.

That said they were perfectly entitled to make the decision of not
wanting to maintain qt3 any longer. The only advice I can give is that
all disgruntled users and developers create a qt3 project and
adopt/unmask/re-commit the qt3 libraries for maintainers of packages
who need it. I doubt this will happen as this could have been done a
long time ago, but it's never too late.

Denis.



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Alexis Ballier
On Fri, 12 Mar 2010 08:46:34 -0700
Denis Dupeyron calc...@gentoo.org wrote:

[...]
 That said they were perfectly entitled to make the decision of not
 wanting to maintain qt3 any longer. The only advice I can give is that
 all disgruntled users and developers create a qt3 project and
 adopt/unmask/re-commit the qt3 libraries for maintainers of packages
 who need it. I doubt this will happen as this could have been done a
 long time ago, but it's never too late.

Or like the old gtk-1: completely abandon the package and let the
consumers upgrade slowly. IMHO this is the less annoying approach for
everyone.


Alexis.




Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Fabian Groffen
On 12-03-2010 08:46:34 -0700, Denis Dupeyron wrote:
 That said they were perfectly entitled to make the decision of not
 wanting to maintain qt3 any longer. The only advice I can give is that
 all disgruntled users and developers create a qt3 project and
 adopt/unmask/re-commit the qt3 libraries for maintainers of packages
 who need it. I doubt this will happen as this could have been done a
 long time ago, but it's never too late.

Didn't we have a graveyard thing/overlay somewhere some day?  Some users
might happily prefer to use stuff that's treecleaned, or removed due to
security issues.  If removal of stuff would mean it's dumped in there it
can be easily used by users and more easily readded later afterwards, if
need arises.


-- 
Fabian Groffen
Gentoo on a different level



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Gilles Dartiguelongue
On Friday, 12 March 2010 at 16:59 +0100, Alexis Ballier wrote:
 On Fri, 12 Mar 2010 08:46:34 -0700
 Denis Dupeyron calc...@gentoo.org wrote:
 
 [...]
  That said they were perfectly entitled to make the decision of not
  wanting to maintain qt3 any longer. The only advice I can give is that
  all disgruntled users and developers create a qt3 project and
  adopt/unmask/re-commit the qt3 libraries for maintainers of packages
  who need it. I doubt this will happen as this could have been done a
  long time ago, but it's never too late.
 
 Or like the old gtk-1: completely abandon the package and let the
 consumers upgrade slowly. IMHO this is the less annoying approach for
 everyone.

Well the discussion about dropping glib-1 and gtk-1 pops up once in a
while in the herd. The removal hasn't been done yet because we focus
more on packages that pop up most on bugzilla, for example.

-- 
Gilles Dartiguelongue e...@gentoo.org
Gentoo




Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread justin
On 12/03/10 17:17, Fabian Groffen wrote:
 On 12-03-2010 08:46:34 -0700, Denis Dupeyron wrote:
 That said they were perfectly entitled to make the decision of not
 wanting to maintain qt3 any longer. The only advice I can give is that
 all disgruntled users and developers create a qt3 project and
 adopt/unmask/re-commit the qt3 libraries for maintainers of packages
 who need it. I doubt this will happen as this could have been done a
 long time ago, but it's never too late.
 
 Didn't we have a graveyard thing/overlay somewhere some day?  Some users
 might happily prefer to use stuff that's treecleaned, or removed due to
 security issues.  If removal of stuff would mean it's dumped in there it
 can be easily used by users and more easily readded later afterwards, if
 need arises.
 
 

As we have the overlay depend on overlay support now, we could easily
put those packages into the sci overlay, if there would be a qt3
support/lib overlay.






Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Maciej Mrozowski
On Friday 12 of March 2010 17:17:01 Fabian Groffen wrote:
 On 12-03-2010 08:46:34 -0700, Denis Dupeyron wrote:
  That said they were perfectly entitled to make the decision of not
  wanting to maintain qt3 any longer. The only advice I can give is that
  all disgruntled users and developers create a qt3 project and
  adopt/unmask/re-commit the qt3 libraries for maintainers of packages
  who need it. I doubt this will happen as this could have been done a
  long time ago, but it's never too late.
 
 Didn't we have a graveyard thing/overlay somewhere some day?  Some users
 might happily prefer to use stuff that's treecleaned, or removed due to
 security issues.  If removal of stuff would mean it's dumped in there it
 can be easily used by users and more easily readded later afterwards, if
 need arises.

Yes, it's called kde-sunset and it contains KDE3 and should contain Qt3 
applications (maybe it does, maybe not all of them though) removed from tree
recently. It's not graveyard really as some users actively maintain this 
overlay.

http://git.overlays.gentoo.org/gitweb/?p=proj/kde-sunset.git
(layman -a kde-sunset)

-- 
regards
MM



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Ben de Groot
On 12 March 2010 14:18, Robert Bradbury robert.bradb...@gmail.com wrote:
 It would appear that the pending (0321) mask of Qt3 will break
 sci-misc/qcad, sci-chemistry/xdrawchem and x11-misc/glunarclock.

The mask has already been in place since March 1st.

 a) Has research been done to determine whether there are replacements for
 these packages and why aren't they suggested in the mask comments?

See the discussion in the relevant bugs and on the forums. For qcad
see bug #284896 and for xdrawchem bug #299588. Glunarclock is
unrelated.

 b) If one is forced to run Qt3 in order to support these older packages, is
 there *good* documentation on how to do this (and why isn't this
 suggested in the mask comments)?

Because package.mask is not the right place for documentation.
It does refer to bug #283429, the tracker bug for the Qt3 mask and
removal. This in turn refers to our announcement [1] which mentions
that Qt3 and packages depending on it will remain available in the
community-maintained kde-sunset overlay.

 So before there is a rush to remove ebuilds it should be asked
 whether it is possible to produce a static build and/or whether there is a
 clear path provided for the retention of legacy packages?

There is no rush. We first announced this in July 2009 [2] and then
again in December [1]. We have given every opportunity to find
appropriate upgrade paths. As mentioned, users who for some
reason need or want to keep using legacy packages can use the
kde-sunset overlay.


1: http://archives.gentoo.org/gentoo-dev-announce/msg_f295c1c2d9d70238d289de3a7ed5bf5c.xml
2: http://archives.gentoo.org/gentoo-dev-announce/msg_d851e05567d538b662f34de8dfdb7316.xml

Cheers,
-- 
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)



Re: [gentoo-dev] Qt3 mask breaks significant science packages

2010-03-12 Thread Ben de Groot
On 12 March 2010 16:59, Alexis Ballier aball...@gentoo.org wrote:
 Or like the old gtk-1: completely abandon the package and let the
 consumers upgrade slowly. IMHO this is the less annoying approach for
 everyone.

Abandoned packages do not belong in the portage tree. That's
why we have a treecleaners project.

Cheers,
-- 
Ben de Groot
Gentoo Linux developer (qt, media, lxde, desktop-misc)