Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran, On 02-04-2009 15:47:05 +0100, Ciaran McCreesh wrote: On Thu, 2 Apr 2009 11:53:47 +0200 Fabian Groffen grob...@gentoo.org wrote: While the first variable (EPREFIX) can be set using an eclass, the latter two need to be set by the package manager. In particular ED, because the value of D might not be known. EROOT and ED are convenience variables. Making them available already now, even though initialised as ROOT and D respectively, allows Prefix enabled ebuilds to be shared between gentoo-x86 and Prefix trees without modifications. Why not just do it properly? Come up with a full list of requirements, propose a full solution, open it up for feedback and adapt it as necessary. Then just move the whole thing into a future EAPI. Recently we changed our approach from being a new EAPI into blending into any existing EAPI. We can do this, since Prefix is orthogonal to any existing EAPI to date. The mentioned variables simply make life easier, but are not strictly necessary. Unfortunately we can't set them from an eclass, so we need help from the package manager for them. My worry is we'll end up with more legacy mess that package managers will have to carry on supporting indefinitely, but that won't be used by anything once prefix goes through the necessary changes to make it mainstream. Limiting Gentoo Prefix ebuilds to a future EAPI will not be acceptable with regards to system packages and we will still have a crappy overlay for a long multi-year period. The fact is, Prefix ebuilds can be used regardless of EAPI in use. We used to do EAPI=prefix # but that was way too much maintance overhead and just recently EAPI=prefix has been killed in favour of full compatability. You seem to suggest there are issues, do you have any specific concerns that we can address? -- Fabian Groffen Gentoo on a different level
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Mon, 6 Apr 2009 19:24:41 +0200 Fabian Groffen grob...@gentoo.org wrote: You seem to suggest there are issues, do you have any specific concerns that we can address? I've still not seen a full description of the problem you're trying to solve with prefix. The last time we tried this there were a lot of unanswered questions about your approach. What you have for prefix is fine for a playing around project, but unless you've moved on significantly from when we last discussed it, there's a significant gap between what you have and what you've been trying to do and what would be suitable or ideal for main tree use. I think we'd all benefit from a proper discussion of goals and details of how various problems will be solved before moving prefix to an official EAPI. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2 Apr 2009 11:53:47 +0200 Fabian Groffen grob...@gentoo.org wrote: While the first variable (EPREFIX) can be set using an eclass, the latter two need to be set by the package manager. In particular ED, because the value of D might not be known. EROOT and ED are convenience variables. Making them available already now, even though initialised as ROOT and D respectively, allows Prefix enabled ebuilds to be shared between gentoo-x86 and Prefix trees without modifications. Why not just do it properly? Come up with a full list of requirements, propose a full solution, open it up for feedback and adapt it as necessary. Then just move the whole thing into a future EAPI. My worry is we'll end up with more legacy mess that package managers will have to carry on supporting indefinitely, but that won't be used by anything once prefix goes through the necessary changes to make it mainstream. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
2009/4/1 Mike Frysinger vap...@gentoo.org: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. I would like the Council to discuss the matter of Portage repeatedly changing behaviour in ebuild-visible ways without an EAPI bump or even an announcement that anything changed. Notable examples include .lzma support in unpack (bug 207193), the change in pkg_* phase ordering (bug 222721) and the preservation of timestamps during merge (bug 264130). It is quite frustrating to spend considerable effort determining Portage's behaviour and matching it in Paludis, only to find a few months later that Portage changed and now users are getting broken packages if not broken systems because ebuilds are starting to rely on the new rules. (The /really/ hilarious part is that certain people then accuse /us/ of being uncooperative and not caring about compatibility.) This needs to be dealt with if Gentoo is ever going to take the idea of PMS, or indeed EAPI itself, at all seriously.
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On , 01 Apr 2009, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. Since EAPI 3 is on the agenda already, I would ask the council to consider inclusion of mtime preservation (see bug 264130, and the thread Preserving mtimes for EAPI3 in this ML). The proposal comes in two variations (to be decided upon): a) mtimes fixup and preservation of mtimes when merging are both mandatory. (This would require changes in all package managers.) b) mtimes fixup is optional, preservation of mtimes is mandatory. (This wouldn't require any immediate changes in Portage and Pkgcore.) Ulrich
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
I win, as always *g* -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2008.04.07 21:37, Petteri Räty wrote: Petteri Räty kirjoitti: I checked the current slacker script and it checks for having at least one commit in last 60 days. We could of course just change the slacker script to list the activity for everyone during the last 60 days and leave the interpretation to undertakers. Regards, Petteri So I wrote a new slacker script that gets the active developers from LDAP and checks the activity for the last 60 days. One repoman commit should equal a couple entries on history but not sure on that. robbat2 [snip] Posting to public as the info is available via anoncvs for example any way. [EMAIL PROTECTED] ~ $ python slacker.py /var/cvsroot/CVSROOT/history [snip] 1 neddyseagoon [snip] That's worrying, I'm not supposed to have commit access to the tree. trustees docs, yes but that's the limit. To my knowledge, I've never made a commit there either. We should exclude forums mods who are not ebuild developers, (like me). I see a few forums mods in the lists, e.g. amne and pilla. - -- Regards, Roy Bamford (NeddySeagoon) a member of gentoo-ops forum-mods treecleaners trustees -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkf7q74ACgkQTE4/y7nJvasdDACfU5hMP7dQjHFZmnKLaaFz+vEI oK4An3pjGMnTQjldOW5tv71JrWS0i6m9 =K4ZB -END PGP SIGNATURE- -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Tue, Apr 08, 2008 at 06:30:17PM +0100, Roy Bamford wrote: That's worrying, I'm not supposed to have commit access to the tree. trustees docs, yes but that's the limit. To my knowledge, I've never made a commit there either. That's for ALL of CVS. Not just gentoo-x86. -- Robin Hugh Johnson Gentoo Linux Developer Infra Guy E-Mail : [EMAIL PROTECTED] GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 pgpJWtanyhwWM.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty kirjoitti: I checked the current slacker script and it checks for having at least one commit in last 60 days. We could of course just change the slacker script to list the activity for everyone during the last 60 days and leave the interpretation to undertakers. Regards, Petteri So I wrote a new slacker script that gets the active developers from LDAP and checks the activity for the last 60 days. One repoman commit should equal a couple entries on history but not sure on that. robbat2 succested that we add the info to LDAP on who is expected to have commits so purely infra people would not show up. Current slacker script has the info hard coded. Posting to public as the info is available via anoncvs for example any way. [EMAIL PROTECTED] ~ $ python slacker.py /var/cvsroot/CVSROOT/history 0 aetius 0 agaffney 0 amne 0 aross 0 b33fc0d3 0 bbj 0 blackace 0 cab 0 codeman 0 dams 0 dav_it 0 dcoutts 0 desultory 0 djay 0 dmwaters 0 dostrow 0 earthwings 0 ehmsen 0 eradicator 0 gmsoft 0 hparker 0 jforman 0 jmglov 0 joslwah 0 jrinkovs 0 jsin 0 kallamej 0 kanaka 0 kernelsensei 0 klieber 0 kolmodin 0 leonardop 0 livewire 0 markm 0 mbres 0 mdisney 0 mduft 0 musikc 0 pilla 0 pingu 0 pipping 0 pjp 0 polvi 0 psi29a 0 pvdabeel 0 r3pek 0 ramereth 0 redhatter 0 rl03 0 shellsage 0 stkn 0 strerror 0 tacotest 0 tchiwam 0 the_paya 0 think4urs11 0 thoand 0 tomk 0 vanquirius 0 wormo 1 hattya 1 neddyseagoon 1 yuval 2 astinus 2 jaervosz 2 maedhros 2 tantive 2 trapni 3 ferdy 3 haubi 3 mattepiu 3 pauldv 4 kumba 4 mjolnir 4 pappy 4 radek 5 dju 5 g2boojum 5 joker 5 killerfox 5 ribosome 5 tommy 6 centic 6 jurek 7 mark_alec 7 sirseoman 8 nichoj 8 swift 9 tsunam 9 vorlon 10 cryos 10 griffon26 10 peitolm 11 jkt 11 spb 12 kingtaco 12 moloh 13 fordfrog 13 jmbsvicetto 13 peper 14 chtekk 14 elvanor 15 battousai 15 lucass 15 nixphoeni 16 bass 16 kang 17 falco 17 ian 17 shindo 18 jakub 18 pythonhead 19 fuzzyray 19 humpback 19 keytoaster 19 pclouds 19 yoswink 20 agorf 21 gregkh 22 genone 22 gurligebis 23 smithj 24 anant 26 george 26 iluxa 26 je_fro 27 chiguire 27 chutzpah 27 marineam 28 flammie 29 deathwing00 30 fox2mike 32 drizzt 32 lavajoe 32 phosphan 33 rajiv 35 truedfx 39 lordvan 41 py 42 araujo 42 cam 46 zmedico 48 rbrown 49 jsbronder 49 yvasilev 51 antarus 51 omp 52 lack 52 lu_zero 52 titefleur 53 tupone 54 josejx 59 dsd 60 grobian 60 voxus 61 suka 62 s4t4n 63 pylon 65 ikelos 65 mrness 67 bangert 68 hoffie 68 stefaan 70 spock 71 ali_bush 74 halcy0n 78 hkbst 79 keri 79 steev 83 nerdboy 83 tgall 87 solar 88 welp 88 wrobel 89 mabi 89 tgurr 95 sbriesen 98 williamh 100 chainsaw 105 ken69267 106 rich0 109 rbu 111 remi 126 tove 130 zaheerm 136 dang 142 matsuu 144 hawking 146 voyageur 158 swegener 159 compnerd 159 nelchael 159 neysx 159 zlin 163 genstef 171 yngwin 177 dragonheart 187 caleb 188 alonbl 189 grahl 192 klausman 193 markusle 194 hanno 200 calchan 203 ticho 206 zzam 225 mpagano 226 caster 226 dirtyepic 239 wltjr 252 ricmm 253 xmerlin 262 hd_brummy 267 cla 275 wschlich 281 tester 290 nyhm 292 dev-zero 302 cedk 326 angelos 350 bicatali 354 shadow 363 scen 364 pebenito 406 fmccor 433 pva 462 dberkholz 487 robbat2 493 dertobi123 494 nightmorph 524 rane 525 flameeyes 527 betelgeuse 531 beandog 532 ulm 584 jokey 598 r0bertz 603 cardoe 632 carlo 669 graaff 692 eva 704 phreak 715 mr_bones_ 742 leio 763 hollow 920 aballier 946 wolf31o2 978 corsair 1046 nixnut 1063 maekke 1088 coldwind 1094 drac 1118 ranger 1590 vapier 1671 opfer 2836 jer 3404 armin76 26767 ingmar 41523 philantrop signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Monday 07 April 2008 04:37:18 pm Petteri Räty wrote: Petteri Räty kirjoitti: So I wrote a new slacker script that gets the active developers from LDAP and checks the activity for the last 60 days. One repoman commit should equal a couple entries on history but not sure on that. robbat2 succested that we add the info to LDAP on who is expected to have commits so purely infra people would not show up. Current slacker script has the info hard coded. Posting to public as the info is available via anoncvs for example any way. [EMAIL PROTECTED] ~ $ python slacker.py /var/cvsroot/CVSROOT/history snip I may be incorrect but I do believe I see some 'staff' level people without commit access on the list. We may want to exclude them along with the infra folks, also. -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: 26767 ingmar 41523 philantrop Go KDE go! :) Cheers, -jkt -- cd /local/pub more beer /dev/mouth signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Pagano kirjoitti:
On Monday 07 April 2008 04:37:18 pm Petteri Räty wrote:
Petteri Räty kirjoitti:
So I wrote a new slacker script that gets the active developers from
LDAP and checks the activity for the last 60 days. One repoman commit
should equal a couple entries on history but not sure on that. robbat2
succested that we add the info to LDAP on who is expected to have
commits so purely infra people would not show up. Current slacker script
has the info hard coded. Posting to public as the info is available via
anoncvs for example any way.
[EMAIL PROTECTED] ~ $ python slacker.py /var/cvsroot/CVSROOT/history
snip
I may be incorrect but I do believe I see some 'staff' level people without
commit access on the list. We may want to exclude them along with the infra
folks, also.
Guess I wasn't clear enough. There is no filtering in that list based on
the developer role in Gentoo. It's all Gentoo developers marked as
active in LDAP. We first need to add the LDAP attributes before we can
add the filter to the script. Might as well attach the script too.
Regards,
Petteri
def fetch_nicks_from_ldap():
import ldap
l = ldap.initialize('ldap://ldap1.gentoo.org')
l.set_option(ldap.OPT_X_TLS_DEMAND, True)
l.start_tls_s()
l.simple_bind_s()
nicks = {}
for entry in l.search_s('ou=devs,dc=gentoo,dc=org', ldap.SCOPE_ONELEVEL,
filterstr='((gentooStatus=active)(uid=*))', attrlist=['uid']):
nicks[entry[1]['uid'][0]] = 0
l.unbind()
return nicks
import sys
if len(sys.argv) 2:
sys.stderr.write(Give CVS history file location.\n)
sys.exit(1)
from datetime import datetime,timedelta
start = datetime.now() - timedelta(days=60)
f = open(sys.argv[1],'r')
nicks = fetch_nicks_from_ldap()
for line in f:
time,nick = line.split('|')[0:2]
time = datetime.fromtimestamp(int(time[1:], 16))
if time start and nick in nicks:
nicks[nick] += 1
f.close()
for t in sorted(nicks.items(), key=lambda(k,v):(v,k)):
print %d %s % tuple(reversed(t))
signature.asc
Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Tue, Apr 08, 2008 at 03:10:03AM +0300, Petteri R??ty wrote: Guess I wasn't clear enough. There is no filtering in that list based on the developer role in Gentoo. It's all Gentoo developers marked as active in LDAP. We first need to add the LDAP attributes before we can add the filter to the script. Might as well attach the script too. Furthermore, to clarify, while it includes all CVS add/remove/modify commits, it doesn't include any SVN operations. -- Robin Hugh Johnson Gentoo Linux Developer Infra Guy E-Mail : [EMAIL PROTECTED] GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 pgp2Tbo41gUQ1.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thursday 03 April 2008 14:55:43 Patrick Lauer wrote: But if you don't trust anyone there is no reason why you would even try to interact with Gentoo. So at some point you will have to decide to arbitrarily trust a few entities, be it devs or servers or cryptographic keys ... Uh huh, which is what my original reply to Mike was all about. We're way ahead of you here... Or so you think. So now that you've tried to label me as a dimwit I think you managed that quite well on your own. we're past that stage and can now return to actually discussing the set of issues and how to handle them, ja? The point of this subthread was that limiting developers' access to only the parts of the tree they are going to work on accomplishes nothing from a security point of view and only makes things harder when they occasionally need to do tree wide changes from any other point of view. There is no technical solution that can fix that. -- Bo Andresen Gentoo KDE Dev signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
В Чтв, 03/04/2008 в 18:56 +0300, Petteri Räty пишет: Petteri Räty wrote: Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. I checked the current slacker script and it checks for having at least one commit in last 60 days. We could of course just change the slacker script to list the activity for everyone during the last 60 days and leave the interpretation to undertakers. Number of commits is bad measure for work and time spent on gentoo: some work require long investigation and exactly one commit, while another work require lots of commits and small amount of time spent on that. So, please, stop this formalism! Also this change does not magically fix bugs so bugs are different issue. If you know how/want to fix the bug just mail maintainer, wait some time (one day normally is enough if bug was opened for a long time...) and fix bug. That's it! No need to retire maintainer to fix bugs in his packages. Security is also unrelated as this change does not improve security. The only reason we have that script is to check that developer really left gentoo, but forgot to notify infra... -- Peter. signature.asc Description: Эта часть сообщения подписана цифровой подписью
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 02-04-2008 21:21:25 -0400, Richard Freeman wrote: Would it make more sense to just make a policy that failure to maintain packages that you're maintainer on will result in getting removed as the maintainer, with said packages going up for grabs? Devs who keep claiming packages only to allow them to bitrot can be booted. On other projects I sometimes see a remark such as: Maintainer time-out, committing the fix as in bug #bla Maybe that is a bit less intrusive as dropping the maintainer entirely. -- Fabian Groffen Gentoo on a different level -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 01 Apr 2008 05:30:01 Mike Frysinger [EMAIL PROTECTED] wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. I'd like initial comments from the Council on PMS please. We're reaching the point where we'll be ready to push a draft for general review, and I'd like to know whether there are any major changes that the Council considers necessary or whether it's just a case of fine-tuning the details. http://git.overlays.gentoo.org/gitweb/?p=proj/pms.git -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Jorge Manuel B. S. Vicetto kirjoitti: Petteri Räty wrote: I agree with the above point. Also, as I recall, both Pettery (betelgeuse) and Denis (calchan) have stated before that we no longer have any queue of people waiting on recruiters to join Gentoo. I'm not seeing an avalanche of new blood entering the distro, so I'm wondering where we want to go. If we keep going the route of the last months, I wonder how long it will take until we get under 150 devs. I don't think this will benefit anyone. Furthermore, the trend in the last months was in large part the result of finally retiring people that had been slacking for a long time. This proposal could (would?) lead to sending away people that still do work, albeit at a slower pace or on bursts. We do have somewhat of a backlog at this point because Calchan was away for a while and you can always query bugzilla for the current situation. As others have commented, I don't agree with this point. Also, you're forgetting we have quite a few people working on this project and that we have many different roles. And you are assuming that undertakers wouldn't check their role before acting. Recalling previous discussions about work on gentoo and some of the existing roles, what will you do to AT folks, release members or QA members? Are they also obliged to do a weekly commit to keep their privileges? AT folks aren't devs and see above. Finally, I thought the whole point of removing access to infra boxes (which is the end result of retiring a dev), was a concern with security and not a way to get rid of people - with the exception of administrative action by devrel. Security and gives us a better picture on what is really maintained and what is not. I understand and agree that ebuild devs should keep a minimum level of work to justify their access to the gentoo-x86 tree. I would also like to have a few devs that can do major commits (although commit sprees can have their own problems), but I think there's still a place in this distro for people that want to maintain a few packages, that want to do AT work, that care with the QA of the tree or that work on releases. These people shouldn't be sent away, just because they can't keep with weekly commits (not enough work or time?) or because they work in bursts. To quote myself: How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? I didn't suggest they have to commit every week. This means 4 commits a month instead of the currently monthly or bimonthly commit check in the script. As a final thought, I think this point is a tangent to the old debate about tree-wide commit privileges and or the scm of the tree. Afterall, if gentoo-x86 was a git tree and or we had acls in the tree, I don't think we would be having or would need to have this argument. If we used git, proxy maintaining would be easier. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Fabian Groffen kirjoitti: On 02-04-2008 21:21:25 -0400, Richard Freeman wrote: Would it make more sense to just make a policy that failure to maintain packages that you're maintainer on will result in getting removed as the maintainer, with said packages going up for grabs? Devs who keep claiming packages only to allow them to bitrot can be booted. On other projects I sometimes see a remark such as: Maintainer time-out, committing the fix as in bug #bla Maybe that is a bit less intrusive as dropping the maintainer entirely. The process of coming back should be quick and easy as the quizzes don't really change that much. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: Jorge Manuel B. S. Vicetto kirjoitti: Petteri Räty wrote: As others have commented, I don't agree with this point. Also, you're forgetting we have quite a few people working on this project and that we have many different roles. And you are assuming that undertakers wouldn't check their role before acting. I read it as a rule to drop developers. If we're only talking about it raising a warning to undertakers so they can check the dev status, then I don't have a problem with the proposal. Recalling previous discussions about work on gentoo and some of the existing roles, what will you do to AT folks, release members or QA members? Are they also obliged to do a weekly commit to keep their privileges? AT folks aren't devs and see above. To be clear, I didn't meant arch testers but people that do keywords for arch teams. Finally, I thought the whole point of removing access to infra boxes (which is the end result of retiring a dev), was a concern with security and not a way to get rid of people - with the exception of administrative action by devrel. Security and gives us a better picture on what is really maintained and what is not. But in that case I don't think that the level of commits is the best indicator if someone is maintaining properly a package or not. The number of open bugs and the mean time that it takes for the developer to react to a bug might give us a better picture. As a final thought, I think this point is a tangent to the old debate about tree-wide commit privileges and or the scm of the tree. Afterall, if gentoo-x86 was a git tree and or we had acls in the tree, I don't think we would be having or would need to have this argument. If we used git, proxy maintaining would be easier. True, but with some acls we could also have a different model where people worked on parts of the tree and where commit privileges didn't pose so many security risks. With the current practice of doing work in overlays it would also be simpler to merge the work back into the Portage tree. Regards, Petteri -- Regards, Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org Gentoo- forums / Userrel / SPARC / KDE -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 11:35:20 + Jorge Manuel B. S. Vicetto [EMAIL PROTECTED] wrote: True, but with some acls we could also have a different model where people worked on parts of the tree and where commit privileges didn't pose so many security risks. With the current practice of doing work in overlays it would also be simpler to merge the work back into the Portage tree. How does only being able to commit to only part of a tree make commit access any less of a security risk? -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
2008-04-03 13:35 Jorge Manuel B. S. Vicetto [EMAIL PROTECTED] napisał(a): Petteri Räty wrote: Jorge Manuel B. S. Vicetto kirjoitti: As a final thought, I think this point is a tangent to the old debate about tree-wide commit privileges and or the scm of the tree. Afterall, if gentoo-x86 was a git tree and or we had acls in the tree, I don't think we would be having or would need to have this argument. If we used git, proxy maintaining would be easier. True, but with some acls we could also have a different model where people worked on parts of the tree and where commit privileges didn't pose so many security risks. With the current practice of doing work in overlays it would also be simpler to merge the work back into the Portage tree. Also Subversion would be sufficient. ���^�X��� ��(��j)b�b�
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran McCreesh kirjoitti: On Thu, 03 Apr 2008 11:35:20 + Jorge Manuel B. S. Vicetto [EMAIL PROTECTED] wrote: True, but with some acls we could also have a different model where people worked on parts of the tree and where commit privileges didn't pose so many security risks. With the current practice of doing work in overlays it would also be simpler to merge the work back into the Portage tree. How does only being able to commit to only part of a tree make commit access any less of a security risk? Yeah, you only need access to one ebuild to do whatever you want to user's systems. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Petteri Räty wrote: | Yeah, you only need access to one ebuild to do whatever you want to | user's systems. Perhaps then we should direct more of our efforts towards the GPG package signing system, so that when a dev becomes a libability, their keys can be revoked? Mike 5:) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkf0xgsACgkQu7rWomwgFXrStgCglCcTvdRaEGMyOdU0qfhcG7w8 TuwAnj1Vmho+LPCqreZNKlNhSRBHUjQU =LjIi -END PGP SIGNATURE- -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 12:56:59 +0100 Mike Auty [EMAIL PROTECTED] wrote: Petteri Räty wrote: | Yeah, you only need access to one ebuild to do whatever you want to | user's systems. Perhaps then we should direct more of our efforts towards the GPG package signing system, so that when a dev becomes a libability, their keys can be revoked? Signing offers no protection against a malicious developer. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ciaran McCreesh wrote: | | Signing offers no protection against a malicious developer. | I had envisaged a system whereby when the tree was synced, as was some kind of master signed list of all acceptable dev-keys. Every package would also be signed, and would only be installed when signed. As soon as a dev becomes a liability their key is removed from the list/revoked. ~ On next sync any packages or package upgrades signed after the time of revocation would not be installed. There would be a window of vulnerability, but no bigger than with revoking a dev's access to the tree. Do you think this would offer suitable protection for users from a malicious dev or not? I understand there are difficulties with eclasses, etc, which is why the current implementation is still not widely used or mandated, but I'm more interested in the feasibility of the idea. Mike 5:) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkf0yu8ACgkQu7rWomwgFXrxOwCeKOdkiFhpknf/q/6jq1sPf70t 3xMAoJxlLYhweQspnIJe626TYdmeA3BQ =hKID -END PGP SIGNATURE- -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William L. Thomson Jr. wrote: | It's about quality not quantity maybe? It's about both, and getting the balance right is effectively what this boils down to (as do many discussions on -dev). There's those devs who want high levels of QA and those devs that want the latest/obscure/testing/rare packages. Generally the two sides play oppose each other. Personally I think having both super-devs (who do lots of commits, care deeply about QA and know their stuff intimately) and official-contributor type devs (those who maintain a few specialist packages when they can) is a good idea. Giving the undertakers more work by giving them more reports of potentially lax devs and requiring them to investigate seems a little wasteful to me. I'd far rather the undertakers spent the extra time on positive contributions to the actual distribution (rather than it's administration). So the still unanswered question appears to be, would we like Gentoo to have fewer packages and less choice but greater QA, stability and a feel of professionalism, or would we like to have more packages and choice but a worse QA record, make some mistakes, and have a more community-based feel? If you're going to try to answer this question please be delicate with your repsonses, in the past I can recall developers leaving over exactly this divide... Mike 5:) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkf0y6wACgkQu7rWomwgFXoCRACdHKACZY9yjfetGKJ5JtRP6y6U YBkAniFzWanDJvUkXUe8XglBBBP9sXsk =mp9f -END PGP SIGNATURE- -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 13:17:51 +0100 Mike Auty [EMAIL PROTECTED] wrote: Ciaran McCreesh wrote: | Signing offers no protection against a malicious developer. I had envisaged a system whereby when the tree was synced, as was some kind of master signed list of all acceptable dev-keys. Every package would also be signed, and would only be installed when signed. As soon as a dev becomes a liability their key is removed from the list/revoked. ~ On next sync any packages or package upgrades signed after the time of revocation would not be installed. There would be a window of vulnerability, but no bigger than with revoking a dev's access to the tree. Do you think this would offer suitable protection for users from a malicious dev or not? Nope. In fact, using such a system, there are ways of getting in code that doesn't get triggered until someone's key gets invalidated. And if you are worrying about malicious developers, you need to worry about malicious infra people too. An infra member throwing his toys out of the pram can do much more lasting damage than someone who can get some global scope nastiness into an ebuild for an hour or two... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran McCreesh wrote: On Thu, 03 Apr 2008 13:17:51 +0100 Mike Auty [EMAIL PROTECTED] wrote: Ciaran McCreesh wrote: | Signing offers no protection against a malicious developer. I had envisaged a system whereby when the tree was synced, as was some kind of master signed list of all acceptable dev-keys. Every package would also be signed, and would only be installed when signed. As soon as a dev becomes a liability their key is removed from the list/revoked. ~ On next sync any packages or package upgrades signed after the time of revocation would not be installed. There would be a window of vulnerability, but no bigger than with revoking a dev's access to the tree. Do you think this would offer suitable protection for users from a malicious dev or not? Nope. In fact, using such a system, there are ways of getting in code that doesn't get triggered until someone's key gets invalidated. By this reasoning you shouldn't use passwords ... The idea is to limit the attack vectors and make simple attacks much harder. A sophisticated hacker could just rent a busload of angry serbians, kidnap 12 developers and force them to do some subtle changes in many places. But is that likely to happen? And if you are worrying about malicious developers, you need to worry about malicious infra people too. An infra member throwing his toys out of the pram can do much more lasting damage than someone who can get some global scope nastiness into an ebuild for an hour or two... That has nothing to do with the discussion ... and I don't see how infra could manipulate the signatures in a useful way apart from adding keys or removing some from the official keyring ... This they could do at the moment by manipulating the cvs to rsync copy process, but I'm not aware of something like that happening. So you might want to have a marginal trust in people and not accuse them of things they might do in the future ... -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Auty wrote: Ciaran McCreesh wrote: | | Signing offers no protection against a malicious developer. | I had envisaged a system whereby when the tree was synced, as was some kind of master signed list of all acceptable dev-keys. Every package would also be signed, and would only be installed when signed. As soon as a dev becomes a liability their key is removed from the list/revoked. ~ On next sync any packages or package upgrades signed after the time of revocation would not be installed. There would be a window of vulnerability, but no bigger than with revoking a dev's access to the tree. Do you think this would offer suitable protection for users from a malicious dev or not? There has been some previous work which has never been finalized, for all interested parties: http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/ Getting this cleaned up and ready for discussion would be quite valuable. I understand there are difficulties with eclasses, etc, which is why the current implementation is still not widely used or mandated, but I'm more interested in the feasibility of the idea. It can be done if people can agree to a policy and allow the programmatic and infrastructural changes to happen. Have fun, Patrick -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 14:29:10 +0200 Patrick Lauer [EMAIL PROTECTED] wrote: Nope. In fact, using such a system, there are ways of getting in code that doesn't get triggered until someone's key gets invalidated. By this reasoning you shouldn't use passwords ... The idea is to limit the attack vectors and make simple attacks much harder. A sophisticated hacker could just rent a busload of angry serbians, kidnap 12 developers and force them to do some subtle changes in many places. But is that likely to happen? No no. The point is, there's no effective technological way of preventing malicious developers from using the tree to screw over end users. Signing isn't designed to and can't prevent that class of attack (and nor can it protect against compromised end user systems). What it *can* do is reduce the amount of damage done by a compromised rsync server. And if you are worrying about malicious developers, you need to worry about malicious infra people too. An infra member throwing his toys out of the pram can do much more lasting damage than someone who can get some global scope nastiness into an ebuild for an hour or two... That has nothing to do with the discussion ... and I don't see how infra could manipulate the signatures in a useful way apart from adding keys or removing some from the official keyring ... This they could do at the moment by manipulating the cvs to rsync copy process, but I'm not aware of something like that happening. So you might want to have a marginal trust in people and not accuse them of things they might do in the future ... That's exactly the thing under discussion -- the design of the system necessitates trust in both the main repository and the end user system, and signing does absolutely nothing to help there. No-one is suggesting that anyone from infra is going to do anything to utterly screw over Gentoo for petty personal reasons. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran McCreesh wrote: On Thu, 03 Apr 2008 14:29:10 +0200 Patrick Lauer [EMAIL PROTECTED] wrote: Nope. In fact, using such a system, there are ways of getting in code that doesn't get triggered until someone's key gets invalidated. By this reasoning you shouldn't use passwords ... The idea is to limit the attack vectors and make simple attacks much harder. A sophisticated hacker could just rent a busload of angry serbians, kidnap 12 developers and force them to do some subtle changes in many places. But is that likely to happen? No no. The point is, there's no effective technological way of preventing malicious developers from using the tree to screw over end users. Signing isn't designed to and can't prevent that class of attack (and nor can it protect against compromised end user systems). What it *can* do is reduce the amount of damage done by a compromised rsync server. So then we should at first focus the discussion on a few things: - what classes of attackers are there - what defense mechanisms we can use - what the costs (complexity, time, extra code) of each defense is and then, from that design space, select the option(s) that have the best behaviour. If you get bored you can read the not-yet-GLEPs robbat2 has written with the help of a few others, which would cut out a large part of the discussion: http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/ That's exactly the thing under discussion -- the design of the system necessitates trust in both the main repository and the end user system, and signing does absolutely nothing to help there. No-one is suggesting that anyone from infra is going to do anything to utterly screw over Gentoo for petty personal reasons. But if you don't trust anyone there is no reason why you would even try to interact with Gentoo. So at some point you will have to decide to arbitrarily trust a few entities, be it devs or servers or cryptographic keys ... -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 14:44:45 +0200 Patrick Lauer [EMAIL PROTECTED] wrote: and then, from that design space, select the option(s) that have the best behaviour. If you get bored you can read the not-yet-GLEPs robbat2 has written with the help of a few others, which would cut out a large part of the discussion: http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/ Uh... Which signing system did you think we were discussing when we started talking about signing the tree? But if you don't trust anyone there is no reason why you would even try to interact with Gentoo. So at some point you will have to decide to arbitrarily trust a few entities, be it devs or servers or cryptographic keys ... Uh huh, which is what my original reply to Mike was all about. We're way ahead of you here... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran McCreesh wrote: On Thu, 03 Apr 2008 14:44:45 +0200 Patrick Lauer [EMAIL PROTECTED] wrote: and then, from that design space, select the option(s) that have the best behaviour. If you get bored you can read the not-yet-GLEPs robbat2 has written with the help of a few others, which would cut out a large part of the discussion: http://viewcvs.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/ Uh... Which signing system did you think we were discussing when we started talking about signing the tree? Well, now we agree that we talk about the same thing after only 4 email pingpongs. That is quite fast! But if you don't trust anyone there is no reason why you would even try to interact with Gentoo. So at some point you will have to decide to arbitrarily trust a few entities, be it devs or servers or cryptographic keys ... Uh huh, which is what my original reply to Mike was all about. We're way ahead of you here... Or so you think. So now that you've tried to label me as a dimwit we're past that stage and can now return to actually discussing the set of issues and how to handle them, ja? -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 03 Apr 2008 14:55:43 +0200 Patrick Lauer [EMAIL PROTECTED] wrote: Uh huh, which is what my original reply to Mike was all about. We're way ahead of you here... Or so you think. So now that you've tried to label me as a dimwit we're past that stage and can now return to actually discussing the set of issues and how to handle them, ja? We established a long time ago that handling the issues isn't a technological problem. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Auty wrote: So the still unanswered question appears to be, would we like Gentoo to have fewer packages and less choice but greater QA, stability and a feel of professionalism, or would we like to have more packages and choice but a worse QA record, make some mistakes, and have a more community-based feel? If you're going to try to answer this question please be delicate with your repsonses, in the past I can recall developers leaving over exactly this divide... Well, Gentoo is about choice, so why not be both? We already have ~arch/arch and overlays, and if the need really arose we could have more levels of QA. Then everybody can have the level of bleeding-edge that they desire. Maybe all we need is to make it easier to contribute to overlays and use overlays, and then have a moderately-higher general level of QA in the main tree, and then the highest level of QA for stable (particularly for system packages). You could even have the opposite - maybe a super-stable overlay for stuff like server apps with backported patches that users could elect to take priority even over the portage tree. The only real gap is a general facility for assigning priority for repositories (possibly on a per-package basis), and maybe a GUI for managing everything. Regardless, as long as devs actually follow policy I don't see any need to boot them. Maybe very long periods of inactivity should result in having accounts locked as a security measure (so that we don't end up with hundreds of ssh keys with commit access floating around who knows where). Booting out lots of devs just takes a limited set of resources and limits them further. If anything we want to find a way to let more people contribute in a significant way - not less... -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 11:35 Thu 03 Apr , Jorge Manuel B. S. Vicetto wrote: Petteri R??ty wrote: Jorge Manuel B. S. Vicetto kirjoitti: Petteri R??ty wrote: As others have commented, I don't agree with this point. Also, you're forgetting we have quite a few people working on this project and that we have many different roles. And you are assuming that undertakers wouldn't check their role before acting. I read it as a rule to drop developers. If we're only talking about it raising a warning to undertakers so they can check the dev status, then I don't have a problem with the proposal. Recalling previous discussions about work on gentoo and some of the existing roles, what will you do to AT folks, release members or QA members? Are they also obliged to do a weekly commit to keep their privileges? AT folks aren't devs and see above. To be clear, I didn't meant arch testers but people that do keywords for arch teams. Actually, 'AT' can refer to either arch teams or Arch Testers, but given the fact that he was referring to those people with commit access, it should be obvious he meant 'Arch Teams'. Thomas -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
If we used git, proxy maintaining would be easier. Many things would be easier then. I'm all for switching to git. -- Best regards, Wulf pgpextitGtwiV.pgp Description: PGP Digital Signature
RE: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: Mike Frysinger kirjoitti: This is your monthly friendly reminder ! Same bat time (typically the 2nd Thursday at 2000 UTC / 1600 EST), same bat channel (#gentoo-council @ irc.freenode.net) ! If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Just committing monthly is not enough imho to require a developer status. How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? Devaway would be there of course as usual Why four commits a month? Currently we are at one commit a month, any reason to quadruple it instead of requesting a slight raise, such as two commits a month? My concern is that not all developers who do contribute something each month can give Gentoo the commitment you request for every month. Should we lose their contributions as they are a smaller quantity because some people think that if you cant do more all the time then it's just not good enough? It seems that the goal should be to find positive ways to encourage more developers to become active, not start retiring those that cant give Gentoo as much time that others can. Kind regards, Christina Fullam Gentoo Developer Relations Lead | Gentoo Public Relations -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Chrissy Fullam kirjoitti: Petteri Räty wrote: Mike Frysinger kirjoitti: This is your monthly friendly reminder ! Same bat time (typically the 2nd Thursday at 2000 UTC / 1600 EST), same bat channel (#gentoo-council @ irc.freenode.net) ! If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Just committing monthly is not enough imho to require a developer status. How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? Devaway would be there of course as usual Why four commits a month? Currently we are at one commit a month, any reason to quadruple it instead of requesting a slight raise, such as two commits a month? My concern is that not all developers who do contribute something each month can give Gentoo the commitment you request for every month. Should we lose their contributions as they are a smaller quantity because some people think that if you cant do more all the time then it's just not good enough? It seems that the goal should be to find positive ways to encourage more developers to become active, not start retiring those that cant give Gentoo as much time that others can. I checked the current slacker script and it checks for having at least one commit in last 60 days. We could of course just change the slacker script to list the activity for everyone during the last 60 days and leave the interpretation to undertakers. Regards, Petteri signature.asc Description: OpenPGP digital signature
RE: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: I checked the current slacker script and it checks for having at least one commit in last 60 days. We could of course just change the slacker script to list the activity for everyone during the last 60 days and leave the interpretation to undertakers. Interesting information, thank you for looking into the detail; I had been led to believe it was for 30 days. I do see value to modifying the script to list all activity, aiding undertakers in their task as well as useful information for those who may inquire. I do not rightly recall who wrote the script. Who can modify that script for us so we may test it out? Kind regards, Christina Fullam Gentoo Developer Relations Lead | Gentoo Public Relations -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 09:53 Thu 03 Apr , Thomas Anderson wrote: On 11:35 Thu 03 Apr , Jorge Manuel B. S. Vicetto wrote: Petteri R??ty wrote: Recalling previous discussions about work on gentoo and some of the existing roles, what will you do to AT folks, release members or QA members? Are they also obliged to do a weekly commit to keep their privileges? AT folks aren't devs and see above. To be clear, I didn't meant arch testers but people that do keywords for arch teams. Actually, 'AT' can refer to either arch teams or Arch Testers, but given the fact that he was referring to those people with commit access, it should be obvious he meant 'Arch Teams'. It wasn't obvious at all to me, because he was talking about people who would have trouble keeping commit access. My understanding is that arch team members are constantly testing and keywording. Thanks, Donnie -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2008-04-03 at 13:49 +0200, Arfrever Frehtes Taifersar Arahesis wrote: If we used git, proxy maintaining would be easier. True, but with some acls we could also have a different model where people worked on parts of the tree and where commit privileges didn't pose so many security risks. With the current practice of doing work in overlays it would also be simpler to merge the work back into the Portage tree. Also Subversion would be sufficient. Release Engineering has been using subversion for the 2008.0 snapshot tree. The repository is running in tmpfs on a dual Opteron box. IT's still quite painfully slow. Of course, we're doing commits at the top-level since we have a single top-level ChangeLog for the repository, but we don't even have history. We literally just pulled ebuilds from the tree. Once the release is done, we can play around with the repository all that we want to get some real numbers, but unless there's some magic bullet that I'm missing, subversion might simply be too damned slow for our needs. As an anecdotal example, I've had a single commit of several profiles take up to 6 minutes to complete, and that's not with repoman or anything. -- Chris Gianelloni Release Engineering Strategic Lead Games Developer -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2008-04-03 at 09:21 -0400, Richard Freeman wrote: Regardless, as long as devs actually follow policy I don't see any need to boot them. Maybe very long periods of inactivity should result in having accounts locked as a security measure (so that we don't end up with hundreds of ssh keys with commit access floating around who knows where). Booting out lots of devs just takes a limited set of resources and limits them further. If anything we want to find a way to let more people contribute in a significant way - not less... I think many people seem to forget that it isn't the number of developers or the number of commits. It is all about the amount of actual work that gets done. We need more work being done. Period. It doesn't matter how that gets accomplished, but it is what we need. Removing less active developers would be perfectly fine once we had a good proxy maintainer program in place that would allow people to contribute easily without having to have commit access. A developer who only commits rarely isn't any more valuable to Gentoo than a regular user who contributes at the same pace. The only difference is the commit access and the Gentoo resources used by the individual. -- Chris Gianelloni Release Engineering Strategic Lead Games Developer -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wednesday, 02. April 2008 22:46:16 Petteri Räty wrote: How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? It sounds like you're trying to get rid of someone. -- Best regards, Wulf signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Frysinger kirjoitti: This is your monthly friendly reminder ! Same bat time (typically the 2nd Thursday at 2000 UTC / 1600 EST), same bat channel (#gentoo-council @ irc.freenode.net) ! If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. Keep in mind that every GLEP *re*submission to the council for review must first be sent to the gentoo-dev mailing list 7 days (minimum) before being submitted as an agenda item which itself occurs 7 days before the meeting. Simply put, the gentoo-dev mailing list must be notified at least 14 days before the meeting itself. For more info on the Gentoo Council, feel free to browse our homepage: http://www.gentoo.org/proj/en/council/ Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Just committing monthly is not enough imho to require a developer status. How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? Devaway would be there of course as usual. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Wulf C. Krueger wrote: On Wednesday, 02. April 2008 22:46:16 Petteri Räty wrote: How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? It sounds like you're trying to get rid of someone. - !DSPAM:47f3f2be39031804284693! Yep its me! Seriously...we don't need to be paranoid people. -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Given that the low number of developers is ranked as our number one problem in Donnie's informal survey[1], taking any kind of action against infrequently-committing developers is likely to reduce the number of devs we have, and potentially make the problem worse. What benefits are you aiming to get from the suggestion? I can think og keeping the books tidy and reducing management time required to maintain the devs. Are there others I've missed? If they're worth the cost/effort involved with putting someone through the dev tests and getting them trained, then it seems a good idea, but otherwise probably not... Mike 5:) [1] http://dberkholz.wordpress.com/2008/02/21/redux-gentoos-top-3-issues/ -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Auty kirjoitti: Petteri Räty wrote: Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Given that the low number of developers is ranked as our number one problem in Donnie's informal survey[1], taking any kind of action against infrequently-committing developers is likely to reduce the number of devs we have, and potentially make the problem worse. What benefits are you aiming to get from the suggestion? I can think og keeping the books tidy and reducing management time required to maintain the devs. Are there others I've missed? If they're worth the cost/effort involved with putting someone through the dev tests and getting them trained, then it seems a good idea, but otherwise probably not... Mike 5:) [1] http://dberkholz.wordpress.com/2008/02/21/redux-gentoos-top-3-issues/ If you can't manage weekly commits, you can't respond to security issues either. This means that you should have devaway on. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: If you can't manage weekly commits, you can't respond to security issues either. This means that you should have devaway on. That assumption is false. If there was a need to do weekly commits and the dev in question couldn't manage it, it would be wise to expect that he can't be relied upon with security fixes. However, there is no need to do periodic commits now, so the above theorem doesn't hold. :) Cheers, -jkt -- cd /local/pub more beer /dev/mouth signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: If you can't manage weekly commits, you can't respond to security issues either. I can see your point, I was more thinking about developers who have maybe one or two small packages that don't have many version bumps or bugs. They may be entirely able to respond to security issues, but may not have reason to make the weekly commit quota. I don't know the habits of developers well enough to know if this is a reasonable scenario? I was under the impression that if a dev couldn't respond quickly enough to a security issue, the security team could take steps (mask the package, try to fix it) to ensure the package doesn't pose a problem (as is presumably the case now with devs who forget to mark themselves as away). Depending on the actions you envisaged (sending a warning email, marking as away or retiring) this could create a lot of extra work for little benefit. If it was simply a warning email it might not be very pointful, but marking them as away then it sounds like it could be useful and automated... 5:) Mike 5:) -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Wulf C. Krueger kirjoitti: On Wednesday, 02. April 2008 22:46:16 Petteri Räty wrote: How does having the average time between commits be at most a week sound and if it goes under that, undertakers will get a notification? It sounds like you're trying to get rid of someone. I don't have numbers yet, but I presume this is going to mark quite a few developers. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, Apr 2, 2008 at 10:26 PM, Petteri Räty [EMAIL PROTECTED] wrote: If you can't manage weekly commits, you can't respond to security issues either. This means that you should have devaway on. So if you don't maintain enough packages to commit on average once a week, you're not worth having? Also, you said average, did you mean mode, median or mean? Over what time period? -- Richard Brown -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Auty kirjoitti: Petteri Räty wrote: If you can't manage weekly commits, you can't respond to security issues either. I can see your point, I was more thinking about developers who have maybe one or two small packages that don't have many version bumps or bugs. They may be entirely able to respond to security issues, but may not have reason to make the weekly commit quota. I don't know the habits of developers well enough to know if this is a reasonable scenario? I was under the impression that if a dev couldn't respond quickly enough to a security issue, the security team could take steps (mask the package, try to fix it) to ensure the package doesn't pose a problem (as is presumably the case now with devs who forget to mark themselves as away). Depending on the actions you envisaged (sending a warning email, marking as away or retiring) this could create a lot of extra work for little benefit. If it was simply a warning email it might not be very pointful, but marking them as away then it sounds like it could be useful and automated... 5:) Mike 5:) Undertakers would still be processing the retirements. What I am talking about is changing how the list of potentially inactive people is created. Regards, Petteri signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, 2008-04-02 at 22:19 +0100, Mike Auty wrote: Petteri Räty wrote: Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Given that the low number of developers is ranked as our number one problem in Donnie's informal survey[1], taking any kind of action against infrequently-committing developers is likely to reduce the number of devs we have, and potentially make the problem worse. It's about quality not quantity maybe? What benefits are you aiming to get from the suggestion? I can think og keeping the books tidy and reducing management time required to maintain the devs. Are there others I've missed? If they're worth the cost/effort involved with putting someone through the dev tests and getting them trained, then it seems a good idea, but otherwise probably not... Well I think in part is keeping up with changes within Gentoo. Since I joined we have change the syntax and semantics of Gentoo Java ebuilds allot. Lots of things wrt to ebuilds constantly change. So could be more of your game. If your not keeping u[, you run the greater chance of falling behind, etc. The other side of that, and maybe it's part of the above suggestion, is re-taking the quizzes. I have long thought, just like driving tests. That maybe every so often existing devs should re-take the quizzes. The quizzes do change at times. Much less if your skills are sharp, should only take a few minutes if that. ( Mostly thinking of myself when I think about re-taking quizzes ;) ) I take it as an all around approach to increased QA. Possible motivator for developer activity with some very reasonable minimum requirements. Surely could have side effects, but not a horrible idea -- William L. Thomson Jr. amd64/Java/Trustees Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Jan Kundrát wrote: Petteri Räty wrote: If you can't manage weekly commits, you can't respond to security issues either. This means that you should have devaway on. That assumption is false. If there was a need to do weekly commits and the dev in question couldn't manage it, it would be wise to expect that he can't be relied upon with security fixes. However, there is no need to do periodic commits now, so the above theorem doesn't hold. :) Would it make more sense to just make a policy that failure to maintain packages that you're maintainer on will result in getting removed as the maintainer, with said packages going up for grabs? Devs who keep claiming packages only to allow them to bitrot can be booted. However, unless a dev is actually a liability, does it make sense to get rid of them? Even a small positive contribution is still a positive contribution. If the concern is devs who become liabilities then why not make the policy to look for the liabilities themselves? -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Petteri Räty wrote: Mike Auty kirjoitti: Petteri Räty wrote: Defining required amount of activity for ebuild devs. I would like us to raise the required amount of activity for ebuild devs. Given that the low number of developers is ranked as our number one problem in Donnie's informal survey[1], taking any kind of action against infrequently-committing developers is likely to reduce the number of devs we have, and potentially make the problem worse. I agree with the above point. Also, as I recall, both Pettery (betelgeuse) and Denis (calchan) have stated before that we no longer have any queue of people waiting on recruiters to join Gentoo. I'm not seeing an avalanche of new blood entering the distro, so I'm wondering where we want to go. If we keep going the route of the last months, I wonder how long it will take until we get under 150 devs. I don't think this will benefit anyone. Furthermore, the trend in the last months was in large part the result of finally retiring people that had been slacking for a long time. This proposal could (would?) lead to sending away people that still do work, albeit at a slower pace or on bursts. What benefits are you aiming to get from the suggestion? I can think og keeping the books tidy and reducing management time required to maintain the devs. Are there others I've missed? If they're worth the cost/effort involved with putting someone through the dev tests and getting them trained, then it seems a good idea, but otherwise probably not... Mike 5:) [1] http://dberkholz.wordpress.com/2008/02/21/redux-gentoos-top-3-issues/ If you can't manage weekly commits, you can't respond to security issues either. This means that you should have devaway on. As others have commented, I don't agree with this point. Also, you're forgetting we have quite a few people working on this project and that we have many different roles. Although you're talking about ebuild devs only - so doc devs, infra and forums staff are exempt from this rule - you're assuming (asking?) that all people with access to gentoo-x86 are package maintainers and do a few, regular commits to the tree. As others have said, that assumes people keep more than a few ebuilds and that those packages require constant attention. Recalling previous discussions about work on gentoo and some of the existing roles, what will you do to AT folks, release members or QA members? Are they also obliged to do a weekly commit to keep their privileges? Finally, I thought the whole point of removing access to infra boxes (which is the end result of retiring a dev), was a concern with security and not a way to get rid of people - with the exception of administrative action by devrel. We've been having a few discussions about the future of Gentoo for some time and people have shown different goals and views on its future and on how to get there. One of the views seems to be that we need (only need?) an elite of super-devs that do daily (hourly?) commits. I have nothing against people that can give so much to this project, but I don't think it's reasonable, desirable or healthy to expect everyone to be able to that level of commitment. Also, wasn't this distro at one point all about community? I don't think raising the commitement level helps to involve people and as William (wltjr) pointed out shouldn't we be more concerned with quality than with quantity? I understand and agree that ebuild devs should keep a minimum level of work to justify their access to the gentoo-x86 tree. I would also like to have a few devs that can do major commits (although commit sprees can have their own problems), but I think there's still a place in this distro for people that want to maintain a few packages, that want to do AT work, that care with the QA of the tree or that work on releases. These people shouldn't be sent away, just because they can't keep with weekly commits (not enough work or time?) or because they work in bursts. As a final thought, I think this point is a tangent to the old debate about tree-wide commit privileges and or the scm of the tree. Afterall, if gentoo-x86 was a git tree and or we had acls in the tree, I don't think we would be having or would need to have this argument. Regards, Petteri -- Regards, Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org Gentoo- forums / Userrel / SPARC / KDE -- gentoo-dev@lists.gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Seemant Kulleen wrote: On Thu, 2007-04-05 at 13:29 +0200, Denis Dupeyron wrote: Why not simply allow trustees to veto a council decision ? This does not give trustees enough power to be a second council, but would permit them to stop something that they believe will damage Gentoo. This is very little red tape IMHO. I believe that the trustees do not necessarily have any jurisdiction over the council. They are concerned with legal type matters that affect the foundation, not with technical and political things within Gentoo itself. I could be wrong about this, but that's how I read it. Actually much of the hardware that supports gentoo is owned by or lend to the foundation. The trustees have legal control over that (while infrastructure has technical control), so if it comes to a pissing context, the foundation would probably win. It is not a situation anyone would want to get into. There is no other formal relationship between the foundation and the council. Paul (Gentoo dev/trustee) -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, 4 Apr 2007 01:51:56 -0400 Mike Frysinger [EMAIL PROTECTED] wrote: - PMS: - status update from spb - moving it to Gentoo svn - schedule for getting remaining issues settled Same question as last time this came up: Can you name any other projects where the Council has become involved in scheduling issues? -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 4/5/07, Alexandre Buisse [EMAIL PROTECTED] wrote: Well, the thing is, vote happens only once a year, and quite a lot of things can be done during that time. I just think that not having any rule at all concerning limitations to the council is tying our hands in our back. If the council never messes up, then this rule won't ever be used, and if they do, we'll be happy to have this handy rather than having to argue for ages and being told you elected us, so shut up and if you don't agree, don't vote for us next time (which is an answer I actually got several times). Why not simply allow trustees to veto a council decision ? This does not give trustees enough power to be a second council, but would permit them to stop something that they believe will damage Gentoo. This is very little red tape IMHO. If it's only stupid and not harmful it will be solved naturally with the current structure by waiting for the next elections (either at the end of the term or because enough council members resigned due to the situation). Denis. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, 4 Apr 2007 15:17:18 -0500 Grant Goodyear [EMAIL PROTECTED] wrote: Alexandre Buisse wrote: [Wed Apr 04 2007, 02:36:43PM CDT] I won't take this to the council myself, but I think this should be discussed at the very least: we need a way to limit the council power, since it seems there is nothing to this effect in the metastructure glep. For what it's worth, I deliberately wrote the GLEP that way. The truth of the matter is that the Council has only whatever power the devs permit, so adding additional restrictions seems like a really bad idea to me. Right. Unfortunately, what the GLEP doesn't do is prevent the Council from having secret meetings and refusing to discuss not only the content of those meetings but even the topic. Perhaps a requirement that any Council meeting logs be made public would be useful, with a waiver that the Council can have a secret meeting if it officially announces that it is doing so? -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, Apr 05, 2007 at 09:26:41AM +0100, Ciaran McCreesh wrote: Unfortunately, what the GLEP doesn't do is prevent the Council from having secret meetings and refusing to discuss not only the content of those meetings but even the topic. Perhaps a requirement that any Council meeting logs be made public would be useful, with a waiver that the Council can have a secret meeting if it officially announces that it is doing so? If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgp04r7RTHldf.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, Apr 04, 2007 at 12:27:09PM -0400, Mike Frysinger wrote: sorry, due to the thread (things for Council to talk about), i thought the work you were talking about was stuff for the Council to discuss ... that seems to not be the case Ah, sorry about that. As you said, right now there is nothing on my mind that needs to be actually discussed by the council. cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgpCCFkeImvi3.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 13:29 +0200, Denis Dupeyron wrote: Why not simply allow trustees to veto a council decision ? This does not give trustees enough power to be a second council, but would permit them to stop something that they believe will damage Gentoo. This is very little red tape IMHO. I believe that the trustees do not necessarily have any jurisdiction over the council. They are concerned with legal type matters that affect the foundation, not with technical and political things within Gentoo itself. I could be wrong about this, but that's how I read it. Thanks, Seemant signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Fri, 06 Apr 2007 00:09:12 Wernfried Haas wrote: On Thu, Apr 05, 2007 at 09:26:41AM +0100, Ciaran McCreesh wrote: Unfortunately, what the GLEP doesn't do is prevent the Council from having secret meetings and refusing to discuss not only the content of those meetings but even the topic. Perhaps a requirement that any Council meeting logs be made public would be useful, with a waiver that the Council can have a secret meeting if it officially announces that it is doing so? If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. If Gentoo goes all political and ties itself up in hundreds of rules, regulations, and miles of the proverbial red tape it will cease to be effective, and become a fork target to be effectively taken over by somebody or other with superiour people and technical skills. Don't the names Debian, Shuttleworth, and Ubuntu ring bells? -- CS -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 13:29 +0200, Denis Dupeyron wrote: On 4/5/07, Alexandre Buisse [EMAIL PROTECTED] wrote: Well, the thing is, vote happens only once a year, and quite a lot of things can be done during that time. I just think that not having any rule at all concerning limitations to the council is tying our hands in our back. If the council never messes up, then this rule won't ever be used, and if they do, we'll be happy to have this handy rather than having to argue for ages and being told you elected us, so shut up and if you don't agree, don't vote for us next time (which is an answer I actually got several times). Why not simply allow trustees to veto a council decision ? This does not give trustees enough power to be a second council, but would permit them to stop something that they believe will damage Gentoo. Actually, while it isn't spelled out, this is likely the case, since the trustees (and the Foundation members, by extension) are the holders of the Gentoo name. The Foundation is what grants the Council its power by allowing Gentoo (Linux) to govern itself. Trust me, if the Council were doing something nasty and underhanded that would endanger Gentoo, the trustees would try to do *something* to prevent it. That being said, I don't think that anybody is out to try to harm Gentoo. We (the Council) understand that we cannot appease everybody all the time and don't make any apologies for not being able to do so. This is very little red tape IMHO. That being said, the Trustees really don't have jurisdiction over the Council's technical decisions or their decisions on how to actually run Gentoo. This is a power the trustees could have, but it isn't one they necessarily *do* have. I have no idea if they would even want it and my opinion doesn't matter a whole lot, since I would be in conflict of interest in pretty much any decision. If it's only stupid and not harmful it will be solved naturally with the current structure by waiting for the next elections (either at the end of the term or because enough council members resigned due to the situation). There's a huge difference between the Council doing something against Gentoo and the Council doing something certain people don't agree with. The former is completely intolerable while the latter is very likely to happen with any decision the Council makes. Some people will always spout off conspiracy theories and their opinions on how they think things should be, which is all fine and dandy except that it isn't how things *are* currently. If someone wants something changed, they can very well work to get it changed. Trying to force the Council to do something via underhanded tactics or baseless accusations doesn't do much. Getting the community together does. If the community decided that the Council is only allowed to hold meetings on Thursday when the moon is full, we'd abide by it. I just find this whole situation hysterical since you have so many people saying the Council needs to grow a pair and actually try to enact some good, and when we do, you hear a few vocal individuals running around screaming like we killed their kitten. So which is it? Would you rather have a strong Council that is capable of making decisions without having to worry about whether that decision is popular or not, or would you rather have a weak Council that cannot do anything without prior developer approval, completely castrating their abilities to enact change for fear of being removed from office? -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 08:19 -0400, Seemant Kulleen wrote: On Thu, 2007-04-05 at 13:29 +0200, Denis Dupeyron wrote: Why not simply allow trustees to veto a council decision ? This does not give trustees enough power to be a second council, but would permit them to stop something that they believe will damage Gentoo. This is very little red tape IMHO. I believe that the trustees do not necessarily have any jurisdiction over the council. They are concerned with legal type matters that affect the foundation, not with technical and political things within Gentoo itself. I could be wrong about this, but that's how I read it. Correct. Currently, the Council (or anyone, really) would have to do something to endanger our copyrights, trademarks, or our legal standing for the trustees to do anything. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 5 Apr 2007 14:09:12 +0200 Wernfried Haas [EMAIL PROTECTED] wrote: On Thu, Apr 05, 2007 at 09:26:41AM +0100, Ciaran McCreesh wrote: Unfortunately, what the GLEP doesn't do is prevent the Council from having secret meetings and refusing to discuss not only the content of those meetings but even the topic. Perhaps a requirement that any Council meeting logs be made public would be useful, with a waiver that the Council can have a secret meeting if it officially announces that it is doing so? If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. Which is all very well, but it's kind of hard to evaluate the effectiveness of Council members and the Council as a whole if they're doing things behind everyone's backs and making horrible threats to try to prevent people from publishing logs of their goings on... I mean, what're people supposed to think from the likes of these? Kugelfang there have been, at that time, 6 council members plus one non council members in that channel ... Kugelfang ciaranm: and that's all i'll say regarding that, until the rest allows me to speak about the contents of that meeting ... Kugelfang i really wish i could publish this thing and: wolf31o2|mobile we're entrusted by certain outside parties to not disclose things that are spoken to us in confidence tove wolf31o2|mobile: how are outside parties involved in our coc? i don't understand this. can you please elaborate on it? wolf31o2|mobile tove: no, I cannot elaborate, nor do I care to... just realize that Gentoo has responsibilities to outside parties that provide services and goods to Gentoo... we have relationships that we would like to maintain... and that's about all I can say (or have time to say... I am at work) I mean, when it's reached the point where certain Council members are threatening to pull each others' access if anyone goes public with whatever it was that was discussed, *something* has to be done... The details can remain private if necessary, but publishing a brief summary along the lines of we discussed x and y and decided z *has* to be less harmful than the current mess where people are deleting their work and considering resignation because of whatever it is the Council are up to... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ciaran McCreesh [EMAIL PROTECTED] wrote: If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. Which is all very well, but it's kind of hard to evaluate the effectiveness of Council members and the Council as a whole if they're doing things behind everyone's backs and making horrible threats to try to prevent people from publishing logs of their goings on... Please evaluate the council's effectivness based on their achievements. And no, secret meetings don't count towards that. Seriously, i understand that the council should be as transparent as possible, but there are issues that need some confidential handling. threatening to pull each others' access if anyone goes public with whatever it was that was discussed, *something* has to be done... Um, that's hard to say without the thing in the open. I just trust the involved parties to have enough insight to bring anything that would harm gentoo to public scrunity (and following outcry). The details can remain private if necessary, but publishing a brief summary along the lines of we discussed x and y and decided z *has* Um, wait. Council *decisions*, as long as they're affecting gentoo's ways, must be out in the open. We won't end up with National Security Letters to infra or something (and i trust there'll be an uproar, if it ever reaches that point). Say, if the council decides to ice a project, how can that be kept secret? -- Regards, Matti Bickel Homepage: http://www.rateu.de Encrypted/Signed Email preferred pgpSbg74jRcs0.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 14:51 +0100, Ciaran McCreesh wrote: details can remain private if necessary, but publishing a brief summary along the lines of we discussed x and y and decided z *has* to be less harmful than the current mess where people are deleting their work and considering resignation because of whatever it is the Council are up to... Except we *did* do that when we first published what we'd done with the CoC. Just because ti didn't have a shiny Meeting Summary in the topic doesn't mean it wasn't the outcome of the meeting. You know the topic of discussion. You know the outcome. The details are private. Even you admit that is fine. I mean, all this the Council is hiding something conspiracy theory is bullshit. How about when I hang out with Mike Doty and we discuss Gentoo stuff? Is that some super-secret meeting where we're trying to circumvent some supposed requirement for transparency? Of course not... If the individual members of the Council feel like getting together and discussing something, we're perfectly free to do that. We don't have to tell you what we discussed. We're allowed to bounce ideas off each other, especially when discussing things said to us in confidence. I understand that some people disagree with this, but this is a simple fact of life. There are going to be cases where people will say something to someone in confidence and not include everyone in on it. There's nothing we can do about that and there is plenty of precedence for it. When someone asks me not to betray their trust, I won't. That's just how I am. If others feel that their knowing stuff that is honestly insignificant in detail since the end result turned out to be the same and done publicly, well, they're more than welcome to run for Council, themselves, but if they were to divulge such information after being privy to it, disciplinary action would *need* to be taken to retain the trustworthiness of Gentoo as a whole. Now, that being said, we *did* have a *public* meeting about our discussion, and all *decisions* we made were 100% public. I'm sorry if anyone feels like they were slighted by not being included in the discussions prior to the public meeting, but there's nothing anywhere that says that we have to have all of our discussions in public or even made publicly available. We *do* have to have all of our decisions made public, obviously. Personally, I'd just assume make the thing public just to shut people up, but I've really grown to have a stance where I'm less likely to give in to this sort of pressure, since it will do nothing more but prove that being a whiny bitch and trying to pressure people into doing something will get people what they want. I surely don't want to set *that* precedent. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 05 Apr 2007 10:47:37 -0400 Chris Gianelloni [EMAIL PROTECTED] wrote: I mean, all this the Council is hiding something conspiracy theory is bullshit. Then why are certain Council members, you included, threatening to remove other Council members' and Gentoo developers' access if logs of whatever it was that occurred are published? What could possibly have been discussed related to the CoC that this level of threat is necessary or appropriate? Why are certain Council members claiming that if anyone disagrees with them they will soon not have a Gentoo email address? Honestly, the only reason there is any suggestion of a conspiracy is because of the threats being made by certain people to keep a certain log a secret... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 16:00 +0100, Ciaran McCreesh wrote: Honestly, the only reason there is any suggestion of a conspiracy is because of the threats being made by certain people to keep a certain log a secret... The log contains information that was given to us in confidence. How much plainer do I have to make it? We can not, and WILL NOT break that trust. It really is that simple. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Chris Gianelloni wrote: On Thu, 2007-04-05 at 16:00 +0100, Ciaran McCreesh wrote: Honestly, the only reason there is any suggestion of a conspiracy is because of the threats being made by certain people to keep a certain log a secret... The log contains information that was given to us in confidence. How much plainer do I have to make it? We can not, and WILL NOT break that trust. It really is that simple. Here's how it appears to someone reading all this, though: Ciaran *already knows* what's going on, which means that some person(s) who *were* privy to those meetings have talked, plain and simple. If that's true, then the information is out one way or another, and now the Council can decide if they want to talk about it first or let someone who wasn't actually at those meetings to divulge all the details. I guess it comes down to the trust you expect the Gentoo developers who voted for you in the first place to have in you against the trust the council members have in each other. This isn't a matter of throwing someone to the wolves, but consider the rest of the trust. :) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 09:04 -0700, Josh Saddler wrote: Chris Gianelloni wrote: On Thu, 2007-04-05 at 16:00 +0100, Ciaran McCreesh wrote: Honestly, the only reason there is any suggestion of a conspiracy is because of the threats being made by certain people to keep a certain log a secret... The log contains information that was given to us in confidence. How much plainer do I have to make it? We can not, and WILL NOT break that trust. It really is that simple. Here's how it appears to someone reading all this, though: Ciaran *already knows* what's going on, which means that some person(s) who *were* privy to those meetings have talked, plain and simple. If that's true, then the information is out one way or another, and now the Council can decide if they want to talk about it first or let someone who wasn't actually at those meetings to divulge all the details. Well, from what I can gather, he only *thinks* he knows what was going on and he's filled in the blanks himself with whatever ideas he's come up with on his own. If he really does have the logs, he wouldn't be spouting off at the mouth since he would know that there's nothing damning in there, at all. I guess it comes down to the trust you expect the Gentoo developers who voted for you in the first place to have in you against the trust the council members have in each other. This isn't a matter of throwing someone to the wolves, but consider the rest of the trust. :) I'm not sure I follow what you're saying here. Are you saying that Gentoo developers would lose trust in us because we are keeping our word to people who spoke to us in confidence? Are you referring to a potential leak? As I said, I will not betray the trust put in me. If someone says something in confidence to me, it'll stay that way. I cannot speak for all of the other Council members, but I put the same level of trust in them to do the same. If one of them really has taken private conversations and made them public, then we really do have a problem and we need to address it, because that can severely damage Gentoo as a whole very easily. If nobody trusts us anymore, why will they support us? Simple. They won't. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Donnie Berkholz wrote: Mike Doty wrote: apparent decline of QA in our packages. Anyone got numbers for that? Talking opinions, as in the SCM discussion, isn't real meaningful. Thanks, Donnie What metric would you use? the number of stages tried against a live tree before one can install? the number of companies leaving gentoo for another distro? bugs? mailing list posts? number of users? I don't know of a good metric for what you ask. Here's what I do know: 1) a QA team was formed in 06 2) QA has not visibly improved since then. To the outsider, it looks like it's gotten worse. - -- === Mike Doty kingtaco -at- gentoo.org Gentoo Council Gentoo Infrastructure Gentoo/AMD64 Strategic Lead GPG: E1A5 1C9C 93FE F430 C1D6 F2AF 806B A2E4 19F4 AE05 === -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2 (GNU/Linux) iQCVAwUBRhUk0oBrouQZ9K4FAQLY0QP/fa1wU/4yJsc7eY5m/GVCrsJPNYreQf70 JxnWDBfu1bCn6byGjYnRb5rHc0MIJ6BfwxEm1cD6KKF89fRIG4RxZyzGDZd3ISnv m5tkhjHnl4EQHJyGHI/Jh5SQomFNDZJBtoRLP0YHuejCfrd6YjXoLd/PGMKogBg1 LSlthDzxrmw= =qj95 -END PGP SIGNATURE- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 05 Apr 2007 09:04:09 -0700 Josh Saddler [EMAIL PROTECTED] wrote: Here's how it appears to someone reading all this, though: Ciaran *already knows* what's going on, which means that some person(s) who *were* privy to those meetings have talked, plain and simple. If that's true, then the information is out one way or another, and now the Council can decide if they want to talk about it first or let someone who wasn't actually at those meetings to divulge all the details. No, I don't know what's going on exactly -- I only have access to what people have said in public, and even then I'm not watching most of the IRC channels in which such things are usually said. What I do know: I know that there's a log involving a conversation between four or five Council members and one or two non-Council members that certain Council members are trying extremely hard to keep secret. I know that topics discussed in this log include the Code of Conduct and Gentoo sponsors, including OSL, and that it goes far beyond a private conversation. I know that at least one Council member would rather that this log were published. I know that at kingtaco and wolf31o2 have made threats along the lines of if you screw us over we will remove your access, including to a fellow Council member. I know that at least one Gentoo developer is seriously considering resigning because of what the Council have been doing on this, and that several more have expressed extreme dissatisfaction at the way the Council is handling things. I know that the person responsible for the CoC is no longer involved with it because of the Council's actions. I know that at least one Council member has made claims to the effect of if we don't get our way with this, Gentoo will be dead within a week, and that you can disagree all you want, but you won't have an @gentoo.org address if you do. What I *don't* know is what the heck the Council has done to get Gentoo into such a mess, if those claims are true. Or, if they're not, I don't know how Council members can get away with making the kind of threats they are making. Now, to resolve this... Why don't the people involved get together and publish a several paragraph summary of what was discussed? They can agree to leave out anything that really is sensitive, but since the majority of the log presumably isn't, it would be good to see a public summary. I guess it comes down to the trust you expect the Gentoo developers who voted for you in the first place to have in you against the trust the council members have in each other. This isn't a matter of throwing someone to the wolves, but consider the rest of the trust. :) It kind of stops becoming a matter of trust when Council members that also have infra powers make threats about removing other Council members' access... -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 05 Apr 2007 12:24:06 -0400 Chris Gianelloni [EMAIL PROTECTED] wrote: Well, from what I can gather, he only *thinks* he knows what was going on and he's filled in the blanks himself with whatever ideas he's come up with on his own. If he really does have the logs, he wouldn't be spouting off at the mouth since he would know that there's nothing damning in there, at all. I know that you and kingtaco threatened to remove a fellow Council member's access if he didn't go along with you on whatever it was you were discussing. If there's nothing damning in there, why would you do such a thing? I'm not sure I follow what you're saying here. Are you saying that Gentoo developers would lose trust in us because we are keeping our word to people who spoke to us in confidence? Are you referring to a potential leak? There is nothing stopping you from posting a several paragraph summary of whatever it was that was being discussed. Leave gaps for confidential things as appropriate, but don't use it as an excuse for burying the whole thing as you're trying to do here. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? -mike pgpWtl3EG7L68.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Am Donnerstag, 5. April 2007 14:09 schrieb Wernfried Haas: If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. Especially as there are council members who don't rely like any privacy in that at all. vapier comes to my mind there :-D Danny -- Danny van Dyk [EMAIL PROTECTED] Gentoo/AMD64 Project, Gentoo Scientific Project -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thursday 05 April 2007, Ciaran McCreesh wrote: Unfortunately, what the GLEP doesn't do is prevent the Council from having secret meetings and refusing to discuss not only the content of those meetings but even the topic. Perhaps a requirement that any Council meeting logs be made public would be useful, with a waiver that the Council can have a secret meeting if it officially announces that it is doing so? what exactly does this solve ? nothing ? we go from having meetings nobody knows about where discussions happen that no one sees to having meetings everyone knows about where discussions happen that no one sees ... the only thing that comes from this is now people have more things to refer to vaguely to support lame hypothetical sitautions ive got a better idea Ciaran, stop spreading FUD ... i do believe we have something now that says purposefully spreading FUD is a no no -mike pgpTlO1F2WVYB.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 15:20 -0400, Mike Frysinger wrote: On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? That's seems like a reasonable time frame. Any information would be outdated at that time, and not have any effect over current issues. -- William L. Thomson Jr. Gentoo/Java signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Am Donnerstag, 5. April 2007 21:20 schrieb Mike Frysinger: On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? -mike What happened to 1 year? Danny -- Danny van Dyk [EMAIL PROTECTED] Gentoo/AMD64 Project, Gentoo Scientific Project -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 22:15 +0200, Danny van Dyk wrote: Am Donnerstag, 5. April 2007 14:09 schrieb Wernfried Haas: If they want to have sekrit meetings with sekrit handshakes, let them. If enough people think this is not acceptable, they'll be gone on the next election. Especially as there are council members who don't rely like any privacy in that at all. vapier comes to my mind there :-D I don't like it, either. I understand that there are sometimes requirements on keeping things private, but I'm all for doing everything as publicly as possible. It keeps complete wastes of time like this current thread from cropping up as easily, for one. -- Chris Gianelloni Release Engineering Strategic Lead Alpha/AMD64/x86 Architecture Teams Games Developer/Council Member/Foundation Trustee Gentoo Foundation signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thursday 05 April 2007, Danny van Dyk wrote: Am Donnerstag, 5. April 2007 21:20 schrieb Mike Frysinger: On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? What happened to 1 year? i'm fine with 1 week, but if people want to argue lower ... -mike pgp4YAlgmVwkl.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, 2007-04-05 at 15:20 -0400, Mike Frysinger wrote: On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? I object and hope this is never done. There are things said on core that I do not wish to be public. I've sent mails myself that if they were ever going to be published publicly I would of never sent them. -- Ned Ludd [EMAIL PROTECTED] Gentoo Linux -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On 4/5/07, Chris Gianelloni [EMAIL PROTECTED] wrote: I just find this whole situation hysterical since you have so many people saying the Council needs to grow a pair and actually try to enact some good, and when we do, you hear a few vocal individuals running around screaming like we killed their kitten. So which is it? Why would the council need to grow a pair when it already has SpanKY's ;o) I only proposed the veto thing because I felt that it could be a good compromise to reassure those devs who fall for the conspiracy theories, so that they feel safe and get back to work. I never believed the council would realistically do something that would harm Gentoo. I'm sorry for the confusion if any. Would you rather have a strong Council that is capable of making decisions without having to worry about whether that decision is popular or not, or would you rather have a weak Council that cannot do anything without prior developer approval, completely castrating their abilities to enact change for fear of being removed from office? Agreed, here. There was one vote last summer when we collectively decided that the current council members were the best for the job. And that's all we need until next summer. I have been reading carefully a lot of emails and irclogs for some time, especially during the recent events, and I must say that I'm very pleased with the way things went, and how people (of the council and devrel mainly) interacted. While I'm not 100% satisfied with the outcome, which may be a sure sign the right decisions were made, I certainly won't complain. Denis. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Ned Ludd kirjoitti: On Thu, 2007-04-05 at 15:20 -0400, Mike Frysinger wrote: On Sunday 01 April 2007, Mike Frysinger wrote: If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. another one i had mentioned earlier: - a time frame on moving gentoo-core to public archives ... two years ? I object and hope this is never done. There are things said on core that I do not wish to be public. I've sent mails myself that if they were ever going to be published publicly I would of never sent them. We don't have to decide to open up all the old archives but instead we can decide that posts from now on will be made public after X amount of time has passed. Regards, Petteri -- Gentoo/Recruiters lead Gentoo/Java lead signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thu, Apr 05, 2007 at 02:18:40PM -0700, Ned Ludd wrote: I object and hope this is never done. There are things said on core that I do not wish to be public. I've sent mails myself that if they were ever going to be published publicly I would of never sent them. As far i remember the idea was only to make mails public from whenever this applies, not the ones sent before. So you can still stop sending your weekly goat pics once that happens. :-] cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgpRjeCV5NaCu.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Thursday 05 April 2007, Wernfried Haas wrote: On Thu, Apr 05, 2007 at 02:18:40PM -0700, Ned Ludd wrote: I object and hope this is never done. There are things said on core that I do not wish to be public. I've sent mails myself that if they were ever going to be published publicly I would of never sent them. As far i remember the idea was only to make mails public from whenever this applies, not the ones sent before. So you can still stop sending your weekly goat pics once that happens. :-] i'd like both, but i'll take what i can get -mike pgpQhCeFDIaCz.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Frysinger wrote: some topics off the top of my head: - unaddressed CoC issues: - add a mission statement - fix wording to have a positive spin - what else ? - sync Social Contract with Gentoo Foundation statement (external entities) - documentation for mail servers still pending i believe (SPF / reply-to) - PMS: - status update from spb - moving it to Gentoo svn - schedule for getting remaining issues settled - splitting gentoo-dev mailing lists ? -mike apparent decline of QA in our packages. - -- === Mike Doty kingtaco -at- gentoo.org Gentoo Council Gentoo Infrastructure Gentoo/AMD64 Strategic Lead GPG: E1A5 1C9C 93FE F430 C1D6 F2AF 806B A2E4 19F4 AE05 === -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2 (GNU/Linux) iQCVAwUBRhNA4oBrouQZ9K4FAQI5UAQAwvttdK9LELxXCckP4wm3AblkNt7y0SAt 7RX5H4X7b0Jmp0E2uGYnWGRcdQcLCLxDNkIrNK7NDZgo+zOJeuHL6kOe8v1FaQYl REifgbI1iltpvRPdMmBFL9wnDbRJt2CiG7RwpTS0aR503JGt+CjY5TYzvH4g194U vsXBGvCXHB4= =bdZs -END PGP SIGNATURE- -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Mike Doty wrote: apparent decline of QA in our packages. Anyone got numbers for that? Talking opinions, as in the SCM discussion, isn't real meaningful. Thanks, Donnie -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, Apr 04, 2007 at 01:51:56AM -0400, Mike Frysinger wrote: some topics off the top of my head: - unaddressed CoC issues: - add a mission statement - fix wording to have a positive spin - what else ? We need quite a few more people on the CoC team. One reason being that we want to be sure to cover more timezzones and different cultures. Other reason being to make sure it's not just an old boys club where everybody on the team sees things exactly the same way which could easily undermine any consensus based decisions. - sync Social Contract with Gentoo Foundation statement (external entities) - documentation for mail servers still pending i believe (SPF / reply-to) Kingtaco or robbat2 said they would commit that documentation a good while ago iirc. - PMS: - status update from spb - moving it to Gentoo svn - schedule for getting remaining issues settled - splitting gentoo-dev mailing lists ? -mike Regards, Bryan Østergaard -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Since i tried to get things running for the last week or two, i need to throw in my 2 cents here. On Wed, Apr 04, 2007 at 10:18:17AM +0200, Bryan Østergaard wrote: On Wed, Apr 04, 2007 at 01:51:56AM -0400, Mike Frysinger wrote: some topics off the top of my head: - unaddressed CoC issues: - add a mission statement ++, also some other docs stuff. - fix wording to have a positive spin Sounds like a good idea. Since i first read about this here on the dev list: Please, if you want to get stuff done, at least cc: [EMAIL PROTECTED] so they have a chance to do so. - what else ? We need quite a few more people on the CoC team. One reason being that we want to be sure to cover more timezzones and different cultures. I fully agree. So far two people have been added, who were suggested by me and added after a given timeframe had passed with no complaints. Still, this is not enough yet i think. Other reason being to make sure it's not just an old boys club where everybody on the team sees things exactly the same way which could easily undermine any consensus based decisions. Which is the reason i didn't bring in more people myself, but am still waiting for others to suggest someone. :-P Other than that, i already expected this to be a topic at the next council meeting and there is a list of things that should be done by then. cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgpTe3IM5RzPA.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wednesday 04 April 2007, Wernfried Haas wrote: Since i tried to get things running for the last week or two, i need to throw in my 2 cents here. On Wed, Apr 04, 2007 at 10:18:17AM +0200, Bryan Østergaard wrote: On Wed, Apr 04, 2007 at 01:51:56AM -0400, Mike Frysinger wrote: - unaddressed CoC issues: - add a mission statement ++, also some other docs stuff. snip Other than that, i already expected this to be a topic at the next council meeting and there is a list of things that should be done by then. rather than hinting at stuff, can we make sure all issues expect to have discussed actually enumerated ? vagueness in the past has forced us to simply punt topics to the next meeting :/ -mike pgpl0ILFpbdkm.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wed, Apr 04, 2007 at 05:55:56AM -0400, Mike Frysinger wrote: On Wednesday 04 April 2007, Wernfried Haas wrote: Since i tried to get things running for the last week or two, i need to throw in my 2 cents here. On Wed, Apr 04, 2007 at 10:18:17AM +0200, Bryan Østergaard wrote: On Wed, Apr 04, 2007 at 01:51:56AM -0400, Mike Frysinger wrote: - unaddressed CoC issues: - add a mission statement ++, also some other docs stuff. snip Other than that, i already expected this to be a topic at the next council meeting and there is a list of things that should be done by then. rather than hinting at stuff, can we make sure all issues expect to have discussed actually enumerated ? I'm not sure if i understand your question correctly, so sorry if my answer has nothing to with your question. I compiled a list of things that i think need to be done such as defining some general guidelines for work, setting up a project page, recruiting people, etc. Since none of the council people watching over the work complained, i think we're on the right track, but if there's something missing or you have a list of issues that need to be addressed, please give me a copy to merge it with mine. If you want to be involved more closely or need more info, just poke me on irc. vagueness in the past has forced us to simply punt topics to the next meeting :/ I'm a bit sucked up by real life atm, but i definitely want to (and most likely will) to get work done until the next meeting. cheers, Wernfried -- Wernfried Haas (amne) - amne at gentoo dot org Gentoo Forums: http://forums.gentoo.org IRC: #gentoo-forums on freenode - email: forum-mods at gentoo dot org pgpKTQCupy6YM.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Wednesday 04 April 2007, Wernfried Haas wrote: I compiled a list of things that i think need to be done such as defining some general guidelines for work, snip sorry, due to the thread (things for Council to talk about), i thought the work you were talking about was stuff for the Council to discuss ... that seems to not be the case -mike pgpVbNzaX9ABb.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
On Sun, Apr 1, 2007 at 12:32:06 +0200, Mike Frysinger wrote: This is your monthly friendly reminder ! Same bat time (typically the 2nd Thursday at 2000 UTC / 1500 EST), same bat channel (#gentoo-council @ irc.freenode.net) ! If you have something you'd wish for us to chat about, maybe even vote on, let us know ! Simply reply to this e-mail for the whole Gentoo dev list to see. Hi, I won't take this to the council myself, but I think this should be discussed at the very least: we need a way to limit the council power, since it seems there is nothing to this effect in the metastructure glep. I think that when members of the council, who have total control on gentoo, say things like I don't feel we should listen to what the dev community thinks, then one should begin to worry. Concretely, I suggest that a reasonable way is created to appeal council decisions. Of course, one should make sure that this won't led to systematic appeals that would only make people lose time (something like 20% of devs must have agreed to this before any vote takes place, or so). If enough people are interested, I'm sure someone will step up to present this to the council, and if not, well, it will just have been another lost email on this list. Regards, /Alexandre PS: sorry to post this with my g.o address, I haven't resubscribed with another address yet. -- Hi, I'm a .signature virus! Please copy me in your ~/.signature. pgppVGFyDgRlX.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Alexandre Buisse wrote: [Wed Apr 04 2007, 02:36:43PM CDT] I won't take this to the council myself, but I think this should be discussed at the very least: we need a way to limit the council power, since it seems there is nothing to this effect in the metastructure glep. For what it's worth, I deliberately wrote the GLEP that way. The truth of the matter is that the Council has only whatever power the devs permit, so adding additional restrictions seems like a really bad idea to me. I think that when members of the council, who have total control on gentoo, say things like I don't feel we should listen to what the dev community thinks, then one should begin to worry. Someone actually said that? In any event, Gentoo is a community project. If you can convince enough of the community that you're right, and the Council is wrong, then the Council is extremely likely to listen. If they don't, vote out the bums. -g2boojum- -- Grant Goodyear Gentoo Developer [EMAIL PROTECTED] http://www.gentoo.org/~g2boojum GPG Fingerprint: D706 9802 1663 DEF5 81B0 9573 A6DC 7152 E0F6 5B76 pgppKgEGeE8NE.pgp Description: PGP signature
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Alexandre Buisse wrote: I won't take this to the council myself, but I think this should be discussed at the very least: we need a way to limit the council power, since it seems there is nothing to this effect in the metastructure glep. I'm not going to write an essay because I don't have the time, but I dislike this idea. We'll just get everything wrapped up in red tape again like devrel was, and who do you appeal to when you (in the plural) decided to put this group of people in charge in the first place? This isn't a three-branch government and I don't think it should be. Thanks, Donnie -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Monthly Gentoo Council Reminder for April
Grant Goodyear [EMAIL PROTECTED] wrote: For what it's worth, I deliberately wrote the GLEP that way. The truth of the matter is that the Council has only whatever power the devs permit, so adding additional restrictions seems like a really bad idea to me. grant++ Seriously, if enough devs can agree that the council's wrong, the council can say all they like, in the end it's the community that has to implement changes. If there's uproar about councils decisions, i'm sure we'd find a way to let them know in a way they can't ignore :) In general, please give the guys some credit, please give the community some credit. We're not powerless, we'll never be. -- Regards, Matti Bickel Homepage: http://www.rateu.de Encrypted/Signed Email preferred pgpoJ5TYtw83W.pgp Description: PGP signature
