On Fri, 2006-06-09 at 13:28 +0200, Carsten Lohrke wrote:
> > we do support it security wise, we will be reacting upon security issues.
> > We do have package.mask support in the overlay and we are going to use it.
> > The ebuilds have a quality, repoman is required to be run. Also
> > contributors should be knowing what they are doing - they are submitting an
> > ebuild to the sunrise overlay, it needs to follow certain standards.
>
> See, I don't go over this bridge, that an overlay of arbitrary packages, with
> varying skills and knowledge needed, can be decently controlled with very few
> people caring and not having a security team backing you up.

I couldn't agree more. With the entire security team, plus arch teams, plus package maintainers, plus arch testers, it is *still* a complex job to maintain security in the tree. However, this group thinks that, without any backup support whatsoever, they'll be able to maintain the security of a project with countless contributors of varying degrees of skill and proficiency in writing ebuilds, as well as the security of the packages themselves.

-- 
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux