Patrick Lauer wrote:
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
How exactly is it easier to manage a large number of ebuilds versus a
small number?
It is easier to manage one large overlay than managing 35 small overlays.
Communication overhead, duplication of effort,
On Sat, 10 Jun 2006 10:27:29 -0400
Chris Gianelloni [EMAIL PROTECTED] wrote:
[lots of good stuff - +lots Chris]
Not so many moons ago, new ebuilds were submitted to bugzilla. The
bug wranglers would assign the bugs to the team most likely to end up
as the maintainers, and new ebuilds either
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Gianelloni wrote:
[. . .]
Right on! :)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEi/j4rsJQqN81j74RAsRHAKCJsN09KKGlLq5CD4Bh/7r9QYJ12QCgnFx1
lRWrDI1euePCP0MrwoP/Emg=
=G9qu
-END PGP SIGNATURE-
--
Donnie Berkholz wrote:
Chris Gianelloni wrote:
Since when was overlays.gentoo.org supposed to even be a service to our
users? As I understand it, the goal was to ease development, not to
provide an easy method for half-working ebuilds to make it to our user's
machines.
Our users are
First off, I would like to apologize to everyone who has to read this
thread. I know that it is long. I know that it can be frustrating.
That being said, I also ask for your patience in this matter, as I am
not going to back down on this. I will not roll over and let something
I see as this
On Thu, 2006-06-08 at 20:06 -0400, Chris Gianelloni wrote:
You don't need a subversion client, you perhaps notice the http in front
of the url.. just open it up in your browser and you get the source
immediately.
Umm... so now I need to go and instead of clicking a nice link in
bugzilla,
On 6/9/06, Chris Gianelloni [EMAIL PROTECTED] wrote:
Wouldn't this process be *infinitely* easier if instead of sunrise
there was a pam overlay with *only* the pam stuff?
I agree that it would make sense for the the sunrise overlay to
contain smaller package trees, with each package tree aimed
Patrick Lauer wrote:
On Thu, 2006-06-08 at 20:06 -0400, Chris Gianelloni wrote:
Again, read what I wrote. I said that the developer would see sunrise
in the PORTDIR_OVERLAY of the user's emerge --info, which you reiterated
without considering. This is a login bug. At no point did they make
On Friday 09 June 2006 11:06, Jakub Moc wrote:
The thing has been sitting in bugzilla for ages, I've asked Flameeyes to
commit it and he said he's not going to put any mode pam stuff into the
tree unless he's using the modules himself.
Or if somebody wants to help with PAM and related...
On Fri, 2006-06-09 at 10:28 +0200, Patrick Lauer wrote:
Except that I can *look* at an ebuild without having to break out a
subversion client currently.
See my answer in 3)
See mine. ;]
Hmmm ... bugzilla.
Instead of a simple cvs up; cd /usr/local/portage/category/package I
need to
On 6/9/06, Edward Catmur [EMAIL PROTECTED] wrote:
With an overlay: search sunrice.gentoo.org for the package
If you want people to debate seriously with you, stop calling this
project 'sunrice'.
If you can't discuss this topic respectfully with others on this list,
please stop using our
Edward Catmur wrote:
On Fri, 2006-06-09 at 10:28 +0200, Patrick Lauer wrote:
Instead of a simple cvs up; cd /usr/local/portage/category/package I
need to search for ALL bugs with $name in it, look which one it is,
curse bugzilla for falling asleep again, see which attachments are
relevant,
This may work for Apache or PHP, but an overlay with arbitrary maintainer
wanted ebuilds would need an extra bugzilla account. The problem is that
this won't really help, since (some) users will see oh, an kde app crashed
and file a bug at [EMAIL PROTECTED] Then /me looks at the tree, doesn't
On Fri, 2006-06-09 at 02:49 +0200, Markus Ullmann wrote:
Excellent. So we're moving the history from being in a single location
(the bug) to being in multiple locations. That will definitely improve
the development process. Another thing that people tend to miss is that
not all improved
On Fri, Jun 09, 2006 at 08:16:32AM -0400, Chris Gianelloni wrote:
On Fri, 2006-06-09 at 02:49 +0200, Markus Ullmann wrote:
This is a bug for an ebuild that the user does not think is related to
the pam_skey. Go back and read what I wrote.
it was agreed upon that we don't keep
On Fri, Jun 09, 2006 at 05:42:01AM -0700, Brian Harring wrote:
Curious, how will the wrangler know in general? *cough* they won't.
You're using a generic arguement against a specific target- iow, apply
it to overlays.g.o in general instead of singling sunrise out via it.
Well, the other
On Fri, 2006-06-09 at 10:28 +0200, Patrick Lauer wrote:
On Thu, 2006-06-08 at 20:06 -0400, Chris Gianelloni wrote:
You don't need a subversion client, you perhaps notice the http in front
of the url.. just open it up in your browser and you get the source
immediately.
Umm... so now
On Fri, 2006-06-09 at 11:06 +0200, Jakub Moc wrote:
The thing has been sitting in bugzilla for ages, I've asked Flameeyes to
commit it and he said he's not going to put any mode pam stuff into the
tree unless he's using the modules himself. Nothing wrong w/ that. So, I
can either keep on
Chris Gianelloni wrote:
snipped lots and lots of valid points
Well, I am going to do everything within my power to stop it. I will
not back down until this project is dead. It really is that simple.
*golf-clap*
--
Andrew Gaffneyhttp://dev.gentoo.org/~agaffney/
On Fri, 2006-06-09 at 11:01 +0100, Edward Catmur wrote:
Hmmm. I think an overlay does have some advantages there ...
Advantages? With bugzilla I: search for the bug, cc myself on it,
download the relevant files, look over them, note a style error, try to
merge it, fix a compilation bug,
On Fri, 2006-06-09 at 12:33 +0200, Jakub Moc wrote:
well. A couple of examples:
http://bugs.gentoo.org/show_bug.cgi?id=122500
And again, you use my project of an example. Perhaps you should try
looking at something that actually supports your argument?
A subversion repository was built for
Chris Gianelloni wrote:
With an overlay: search sunrice.gentoo.org for the package (no, I don't
know category/name), sync that directory (no, I'm not syncing the whole
sunrice tree), check it over, note some mistakes, compile it if I feel
OK with it, it fails, I fix it - and what then? Where
well. A couple of examples:
http://bugs.gentoo.org/show_bug.cgi?id=122500
And again, you use my project of an example. Perhaps you should try
looking at something that actually supports your argument?
I think it's an example of how user-friendly is bugzilla...
--
Best Regards,
Piotr
On Fri, 2006-06-09 at 02:08 +0100, Ciaran McCreesh wrote:
On Fri, 09 Jun 2006 02:49:14 +0200 Markus Ullmann [EMAIL PROTECTED]
wrote:
| No. It clearly says that you would be doing the basic QA checks and
| repoman checking on initial commit. You even said it right above
| where I
Peper wrote:
well. A couple of examples:
http://bugs.gentoo.org/show_bug.cgi?id=122500
And again, you use my project of an example. Perhaps you should try
looking at something that actually supports your argument?
I think it's an example of how user-friendly is bugzilla...
Yeah,
On Fri, 2006-06-09 at 20:12 +0200, Jakub Moc wrote:
Peper wrote:
well. A couple of examples:
http://bugs.gentoo.org/show_bug.cgi?id=122500
And again, you use my project of an example. Perhaps you should try
looking at something that actually supports your argument?
I think it's an
On Fri, 2006-06-09 at 05:42 -0700, Brian Harring wrote:
On Fri, Jun 09, 2006 at 08:16:32AM -0400, Chris Gianelloni wrote:
On Fri, 2006-06-09 at 02:49 +0200, Markus Ullmann wrote:
This is a bug for an ebuild that the user does not think is related to
the pam_skey. Go back and read what
On Fri, 2006-06-09 at 10:05 -0700, Donnie Berkholz wrote:
Chris Gianelloni wrote:
With an overlay: search sunrice.gentoo.org for the package (no, I don't
know category/name), sync that directory (no, I'm not syncing the whole
sunrice tree), check it over, note some mistakes, compile it if
Chris Gianelloni wrote:
Initially, yes. What happens once the user gets complete access to the
repository, though? Are we going to be keeping people from adding
packages without bugs?
Absolutely. This is for maintainer-wanted stuff, so it should be
documented in Bugzilla and assigned to
On Fri, 09 Jun 2006 20:06:04 +0100 Christel Dahlskjaer
[EMAIL PROTECTED] wrote:
| I'd say that it's entirely possibly for some non-dev to sneak
| malicious code into the tree as is now, just as it will be possible
| to do in an overlay.
|
| It's not like it's particulary difficult to have
On Fri, 2006-06-09 at 19:41 +0200, Patrick Lauer wrote:
This *will* affect *every* ebuild developer.
Maybe you don't realize that taking ebuilds for packages that are _not in
portage_ and providing them in a nice bundle does not affect every developer?
I'm sorry for the language, but I call
Chris Gianelloni wrote:
Since when was overlays.gentoo.org supposed to even be a service to our
users? As I understand it, the goal was to ease development, not to
provide an easy method for half-working ebuilds to make it to our user's
machines.
Our users are our biggest base of testers,
On Fri, 2006-06-09 at 20:32 +0100, Ciaran McCreesh wrote:
Huge difference between committing a few things for a person you know,
where you have time to review code, and bulk committing random stuff
where you don't have time to check anything. That's the deal here -- if
a large number of
On Fri, 2006-06-09 at 20:32 +0100, Ciaran McCreesh wrote:
On Fri, 09 Jun 2006 20:06:04 +0100 Christel Dahlskjaer
[EMAIL PROTECTED] wrote:
| I'd say that it's entirely possibly for some non-dev to sneak
| malicious code into the tree as is now, just as it will be possible
| to do in an
On Fri, 2006-06-09 at 22:51 +0200, Patrick Lauer wrote:
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
[snip]
If someone wanted to exploit boxen he'd use a much simpler attack
vector ... our rsync mirrors are wide open. No need to secure the little
window over there when the
On Fri, 2006-06-09 at 20:12 +0200, Jakub Moc wrote:
Peper wrote:
well. A couple of examples:
http://bugs.gentoo.org/show_bug.cgi?id=122500
And again, you use my project of an example. Perhaps you should try
looking at something that actually supports your argument?
I think it's an
Patrick Lauer wrote:
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
[snip]
If someone wanted to exploit boxen he'd use a much simpler attack
vector ... our rsync mirrors are wide open. No need to secure the little
window over there when the front door is open ...
Really? I'd
On Fri, 9 Jun 2006 11:24:34 +0100 Stuart Herbert
[EMAIL PROTECTED] wrote:
| On 6/9/06, Edward Catmur [EMAIL PROTECTED] wrote:
| With an overlay: search sunrice.gentoo.org for the package
|
| If you want people to debate seriously with you, stop calling this
| project 'sunrice'.
Why? It's a
On Fri, Jun 09, 2006 at 05:22:18PM -0400, Chris Gianelloni wrote:
On Fri, 2006-06-09 at 22:51 +0200, Patrick Lauer wrote:
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
[snip]
If someone wanted to exploit boxen he'd use a much simpler attack
vector ... our rsync mirrors
On Fri, 2006-06-09 at 16:14 -0400, Chris Gianelloni wrote:
Since when was overlays.gentoo.org supposed to even be a service to our
users? As I understand it, the goal was to ease development, not to
provide an easy method for half-working ebuilds to make it to our user's
machines.
What's
To clarify things a bit (hopefully):
1) security
This is not the main tree, just a normal overlay. Okay, some non-devs
contribute here but doesn't change the fact that it is just an overlay
as any other out there in the world. Well, it is a bit different. Here
are some devs keeping an eye on the
Markus Ullmann wrote:
6) problems on infra hardware
Well Lance arised that, so if infra has that big concerns about this
project (I personally see no hard reason for it, but let the infra guys
handle it how they want), then feel free to drop me a note and we host
it elsewhere. I really see
On Thu, Jun 08, 2006 at 08:58:48PM +0200, Markus Ullmann wrote:
This is not the main tree, just a normal overlay. Okay, some non-devs
contribute here but doesn't change the fact that it is just an overlay
as any other out there in the world. Well, it is a bit different. Here
are some devs
On Thursday 08 June 2006 20:58, Markus Ullmann wrote:
3) replacement for bugs.g.o
I would prefer if people would still comment on the bugs when they do some
changes on the overlay so that at least we know that.
Some ebuilds found their way into the overlay, we talked about that
internally and
On Чтв, 2006-06-08 at 21:20 +0200, Henrik Brix Andersen wrote:
It's not a normal overlay as I see it. You've promoted it to be an
official overlay. The difference is huge in my opinion.
IMO such overlay should be official! Why not to keep all (partially)
broken ebuilds in one place? This is the
On Чтв, 2006-06-08 at 21:20 +0200, Henrik Brix Andersen wrote:
It's not a normal overlay as I see it. You've promoted it to be an
official overlay. The difference is huge in my opinion.
IMO such overlay should be official! Why not to keep all (partially)
broken ebuilds in one place? This is the
Henrik Brix Andersen wrote:
It's not a normal overlay as I see it. You've promoted it to be an
official overlay. The difference is huge in my opinion.
Well partly you're right. As it is promoted that way it is a bit more
official but anyway still an overlay.
Will you also review the code
On Thu, 08 Jun 2006 23:52:50 +0400 Peter Volkov (pva)
[EMAIL PROTECTED] wrote:
| Will you also review the code each and every ebuild pull down over
| the internet?
|
| And that is really exciting moment. :) The main difference between
| such overlay and wiki is that reading text never does `rm
On 6/8/06, Henrik Brix Andersen [EMAIL PROTECTED] wrote:
Will you also review the code each and every ebuild pull down over the
internet?
The policy for overlays.gentoo.org hosting [1] is hopefully clear: as
the project leads, they're ultimately responsible (and therefore
accountable) for what
On Thu, Jun 08, 2006 at 09:35:07PM +0100, Ciaran McCreesh wrote:
On Thu, 08 Jun 2006 23:52:50 +0400 Peter Volkov (pva)
[EMAIL PROTECTED] wrote:
| Will you also review the code each and every ebuild pull down over
| the internet?
|
| And that is really exciting moment. :) The main
On Thu, Jun 08, 2006 at 10:05:38PM +0100, Stuart Herbert wrote:
On 6/8/06, Henrik Brix Andersen [EMAIL PROTECTED] wrote:
Will you also review the code each and every ebuild pull down over the
internet?
The policy for overlays.gentoo.org hosting [1] is hopefully clear: as
the project leads,
On Thu, 2006-06-08 at 20:58 +0200, Markus Ullmann wrote:
To clarify things a bit (hopefully):
1) security
This is not the main tree, just a normal overlay. Okay, some non-devs
contribute here but doesn't change the fact that it is just an overlay
as any other out there in the world. Well,
Hi Henrik,
On 6/8/06, Henrik Brix Andersen [EMAIL PROTECTED] wrote:
While reading the policy above, I stumbled across this line:
Bug Tracking: bugs.g.o is the OneTrueBugTrackingSystem(tm), even for
overlays.
Could you please elaborate on this?
Sure ... in the discussion we had on -dev
On Thu, 2006-06-08 at 21:57 +0200, Markus Ullmann wrote:
Well at least briefly. We decided to maintain it in an official way and
thus keep an eye on the quality of the checkins. As said, at least a
briefly view at it and also a repoman scan.
A repoman scan won't catch subtle bugs caused in
On Thu, 2006-06-08 at 21:35 +0100, Ciaran McCreesh wrote:
On Thu, 08 Jun 2006 23:52:50 +0400 Peter Volkov (pva)
[EMAIL PROTECTED] wrote:
| Will you also review the code each and every ebuild pull down over
| the internet?
|
| And that is really exciting moment. :) The main difference
Chris Gianelloni wrote:
No, but the ebuilds are also checked by the team in question, that
actually knows the packages, versus a couple of developers that will be
overworked, dealing with packages that they are completely unfamiliar
with and have no experience with. I just don't see the two
First let me state this one really important thing:
The sunrise project is a project on its own. We're about to convert it
to a TLP to make clear that it shares nothing with the overlay project
except the hardware ressources and the overlay feature of portage.
Chris Gianelloni wrote:
On Thu,
On Thu, 2006-06-08 at 15:22 -0700, Donnie Berkholz wrote:
Chris Gianelloni wrote:
No, but the ebuilds are also checked by the team in question, that
actually knows the packages, versus a couple of developers that will be
overworked, dealing with packages that they are completely unfamiliar
On Fri, 2006-06-09 at 00:30 +0200, Markus Ullmann wrote:
I know that when I spoke of security, I was not only talking about the
security of letting non-developers commit to an overlay that is, by
design, for end users, but also of the implications of ensuring that any
packages in these
Chris Gianelloni wrote:
On Fri, 2006-06-09 at 00:30 +0200, Markus Ullmann wrote:
I know that when I spoke of security, I was not only talking about the
security of letting non-developers commit to an overlay that is, by
design, for end users, but also of the implications of ensuring that any
On Fri, 09 Jun 2006 02:49:14 +0200 Markus Ullmann [EMAIL PROTECTED]
wrote:
| No. It clearly says that you would be doing the basic QA checks and
| repoman checking on initial commit. You even said it right above
| where I commented!
|
| You're doing some witch hunting here... I said we keep
Stuart Herbert wrote:
On 6/8/06, Henrik Brix Andersen [EMAIL PROTECTED] wrote:
Will you also review the code each and every ebuild pull down over the
internet?
The policy for overlays.gentoo.org hosting [1] is hopefully clear: as
the project leads, they're ultimately responsible (and
62 matches
Mail list logo