Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
Ciaran McCreesh kirjoitti: On Sat, 05 Jan 2008 20:52:49 -0600 Martin Jackson [EMAIL PROTECTED] wrote: That's making the assumption that anyone looked at it, of course. Please note comment #9 on http://bugs.gentoo.org/show_bug.cgi?id=198346. It was still ~8 days from then that the setuptools keyword was added. So, we have examples of impact due to delay in keywords/etc. Shall we proceed with the discussion of what to do about it? http://www.gentoo.org/security/en/vulnerability-policy.xml The target for that GLSA was 20 days. 8 days is well within target. What are you moaning about? Well sqlite has been security vulrenable for two months now http://bugs.gentoo.org/show_bug.cgi?id=194812 Here is the comment from security for remaining arch teams to speed things up: http://bugs.gentoo.org/show_bug.cgi?id=194812#c8 Regards, Petteri signature.asc Description: OpenPGP digital signature
[gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Sun, 6 Jan 2008, Ciaran McCreesh wrote: So nothing that's a priority for the users of those archs then. Now please provide specific examples of how anyone is being held up. http://bugs.gentoo.org/show_bug.cgi?id=202726 Michael Sterrett -Mr. Bones.- [EMAIL PROTECTED] -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Sat, 5 Jan 2008 20:33:15 -0500 (EST) Michael Sterrett -Mr. Bones.- [EMAIL PROTECTED] wrote: On Sun, 6 Jan 2008, Ciaran McCreesh wrote: So nothing that's a priority for the users of those archs then. Now please provide specific examples of how anyone is being held up. http://bugs.gentoo.org/show_bug.cgi?id=202726 And what is the impact of that holdup? Have you explained why you consider that to be a priority to the arch teams in question? -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
And what is the impact of that holdup? Have you explained why you consider that to be a priority to the arch teams in question? We had a sec bug on net-snmp that was held up due to dev-python/setuptools not being ~mips. The net-snmp folks added a python module to their distribution, and I added support to the ebuild for it, so now the latest stable net-snmp for mips has a DoS against it. See http://bugs.gentoo.org/show_bug.cgi?id=191550 - it took 2 months for mips to keyword it. Security bugs are normally supposed to have enhanced priority for keywording, etc. Thanks, Marty -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Sat, 05 Jan 2008 20:18:09 -0600 Martin Jackson [EMAIL PROTECTED] wrote: See http://bugs.gentoo.org/show_bug.cgi?id=191550 - it took 2 months for mips to keyword it. Security bugs are normally supposed to have enhanced priority for keywording, etc. Perhaps you should have explicitly stated in the bug that it was for security reasons and thus a priority. Make things easy for the arch teams -- if you have useful information like that, provide it in an easy to see place. Looking at that bug, I don't see anything indicating that there's any reason it should have been considered over more widely used packages. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Sat, 05 Jan 2008 20:32:09 -0600 Martin Jackson [EMAIL PROTECTED] wrote: Perhaps you should have explicitly stated in the bug that it was for security reasons and thus a priority. Make things easy for the arch teams -- if you have useful information like that, provide it in an easy to see place. Looking at that bug, I don't see anything indicating that there's any reason it should have been considered over more widely used packages. Because setuptools is not widely used? The sec bug was (and remains) linked as a blocker. Is that not explicit or easy enough? When arch people get dozens to hundreds of bug emails per day, no, it's not. A simple this is now a security issue, see bug blah makes it an awful lot easier for arch people to prioritise -- emails that merely show blockers added or removed tend to get ignored because a) they're almost always meaningless changes from the arch team's perspective, and b) the bug email doesn't convey any useful information on its own anyway. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
When arch people get dozens to hundreds of bug emails per day, no, it's not. A simple this is now a security issue, see bug blah makes it an awful lot easier for arch people to prioritise -- emails that merely show blockers added or removed tend to get ignored because a) they're almost always meaningless changes from the arch team's perspective, and b) the bug email doesn't convey any useful information on its own anyway. That's making the assumption that anyone looked at it, of course. Please note comment #9 on http://bugs.gentoo.org/show_bug.cgi?id=198346. It was still ~8 days from then that the setuptools keyword was added. So, we have examples of impact due to delay in keywords/etc. Shall we proceed with the discussion of what to do about it? Thanks, Marty -- [EMAIL PROTECTED] mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Sat, 05 Jan 2008 20:52:49 -0600 Martin Jackson [EMAIL PROTECTED] wrote: That's making the assumption that anyone looked at it, of course. Please note comment #9 on http://bugs.gentoo.org/show_bug.cgi?id=198346. It was still ~8 days from then that the setuptools keyword was added. So, we have examples of impact due to delay in keywords/etc. Shall we proceed with the discussion of what to do about it? http://www.gentoo.org/security/en/vulnerability-policy.xml The target for that GLSA was 20 days. 8 days is well within target. What are you moaning about? -- Ciaran McCreesh signature.asc Description: PGP signature
[gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
Diego 'Flameeyes' Pettenò posted [EMAIL PROTECTED], excerpted below, on Fri, 06 Jan 2006 12:23:52 +0100: On Friday 06 January 2006 09:37, Duncan wrote: Well, for that matter, distribution is considered at least by my *BSD friends, to be a peculiarly Linux term. From their perspective, Linux has 1001 distributions, but they only have the one *BSD they choose to use. That's what we started changing. Gentoo/FreeBSD is by all means a FreeBSD distribution (actually, PC-BSD started this a bit before of us). We didn't fork it to change the base system, we use FreeBSD basesystem and portage, so it's not like others BSD. And I definitely wish you well in your G/FBSD efforts, but when I mentioned them on my local ISP's unix (*ix) group, the FBSD groupies reaction was Yuck! Tell me, from someone who obviously has some FBSD experience, what advantages does Gentoo/FreeBSD have over the normal FreeBSD? Why would someone use it who is currently using regular FreeBSD, and why are you spending the time? There are obviously reasons, as you're a very talented person spending quite a bit of time on the project, but equally obviously, I'm not familiar enough with them to make a good G/FBSD representative, at this point. (If you like and don't consider this topical for the list or thread, mail me. If I have the question, however, it's possible others do as well, and just haven't asked, so maybe it is worth keeping to the list. Whatever. /I'm/ interested, anyway.) TIA -- Duncan - List replies preferred. No HTML msgs. Every nonfree program has a lord, a master -- and if you use the program, he is your master. Richard Stallman in http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Friday 06 January 2006 16:15, Duncan wrote: And I definitely wish you well in your G/FBSD efforts, but when I mentioned them on my local ISP's unix (*ix) group, the FBSD groupies reaction was Yuck! Same for FreeBSD devs that tries to hinder us. But why? They think to be the keeper of The Only Truth? Well the bsd is dying joke born for that reason. Check on my blog if you want to know why I continue working on this and I continue thinking it's a good way to _improve_ software. Might not have, right now, any appeal to sysadmins, but it has some advantages (and some drawbacks, as everything), and I like the improvements. But this is not the place to discute this. -- Diego Flameeyes Pettenò - http://dev.gentoo.org/~flameeyes/ Gentoo/ALT lead, Gentoo/FreeBSD, Video, AMD64, Sound, PAM, KDE pgpQBx4J8HqEg.pgp Description: PGP signature
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
You better bring this up on the gentoo-alt mailing list. Please consider posting it there instead of going in a private discussion. On 06-01-2006 08:15:42 -0700, Duncan wrote: And I definitely wish you well in your G/FBSD efforts, but when I mentioned them on my local ISP's unix (*ix) group, the FBSD groupies reaction was Yuck! Tell me, from someone who obviously has some FBSD experience, what advantages does Gentoo/FreeBSD have over the normal FreeBSD? Why would someone use it who is currently using regular FreeBSD, and why are you spending the time? There are obviously reasons, as you're a very talented person spending quite a bit of time on the project, but equally obviously, I'm not familiar enough with them to make a good G/FBSD representative, at this point. (If you like and don't consider this topical for the list or thread, mail me. If I have the question, however, it's possible others do as well, and just haven't asked, so maybe it is worth keeping to the list. Whatever. /I'm/ interested, anyway.) TIA -- Fabian Groffen Gentoo/Alt -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
On Fri, Jan 06, 2006 at 08:15:42AM -0700, Duncan wrote: Tell me, from someone who obviously has some FBSD experience, what advantages does Gentoo/FreeBSD have over the normal FreeBSD? Why would someone use it who is currently using regular FreeBSD, and why are you spending the time? There are obviously reasons, as you're a very talented person spending quite a bit of time on the project, but equally obviously, I'm not familiar enough with them to make a good G/FBSD representative, at this point. I'll probably be using it sometime soon because ports is archaic at best -- Jon Portnoy avenj/irc.freenode.net -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Re: Re: Monthly Gentoo Council Reminder for January
Duncan wrote: [Fri Jan 06 2006, 09:15:42AM CST] Tell me, from someone who obviously has some FBSD experience, what advantages does Gentoo/FreeBSD have over the normal FreeBSD? Why would someone use it who is currently using regular FreeBSD, and why are you spending the time? There are obviously reasons, as you're a very talented person spending quite a bit of time on the project, but equally obviously, I'm not familiar enough with them to make a good G/FBSD representative, at this point. Most of the things that people like about Gentoo have little to do with the underlying C library, kernel, and userland. Instead, it's portage, sane configuration files, and dependency-based start-up scripts that tend to attract people, and as such it's not surprising that people would like to have all of that on a nominally *BSD-based system (for those people who actually do care about the underlying C library, kernel, and userland). That's the practical reason. A slightly more idealistic reason is that part of the Gentoo philosophy is that packages should work as portably as possible, and we should be a member-in-good-standing of the community. The native *BSD teams have been known to patch their ports to work on their systems without sending their patches upstream. We have a single portage tree that handles packages for all archs (and OSs), and our Alt teams work hard to generate patches that are (a) applied independent of arch/os/whatever and (b) sent upstream. Consequently, work on non-Linux actually does a fair bit to improve the entire community. -g2boojum- -- Grant Goodyear Gentoo Developer [EMAIL PROTECTED] http://www.gentoo.org/~g2boojum GPG Fingerprint: D706 9802 1663 DEF5 81B0 9573 A6DC 7152 E0F6 5B76 pgpVWVEQ7uLkQ.pgp Description: PGP signature