Grant Goodyear wrote:
> Over the years we've had a fairly consistent stream of suggestions that
> we should open up the e-build maintaining process to users instead of
> just devs. The main arguments against it are the security issues and an
> expectation that it would add to developer workloads. The former is
> certainly a real problem, although signing (assuming a reasonable
> web-of-trust) could mitigate that some (at least we'd know who to
> blame). The latter, however, is conjecture, and the only good way to
> verify it would be to actually try it and see what happens. Oh, and
> there's also a very real fear that if things go horribly wrong, that
> Gentoo's reputation would suffer quite badly. Perhaps I'm naive, but I
> tend to think that if we were to advertise project sunrise as
> experimental, temporary, use-at-your-own-risk, and
> might-break-your-system,

That is already done.

> and even put it on hardware without a
> gentoo.org address and add

Sorry, we cannot do that. gentoo.org is an essential part of Sunrise and even the reason it came into existence. Looking at the project page [1] I can see multiple goals that would become hard if not impossible on non-gentoo hardware.

"provide a central home for contributed ebuilds that do not (yet) find a place in the portage tree"

It is hard to make it look like a central place if it is not on .gentoo.org

"get users to contribute their ebuilds to "gentoo" instead of a third-party overlay"

This is particularly important to me, because I have dealt with users having problems with overlays. If the overlay-maintainer is unreachable and the overlay is broken it harms gentoo's reputation even if the overlay is not on gentoo hardware. Overlays should be on gentoo as much as possible so that we are able to fix breakage. Users will not contribute or will be hard to persuade for a non-gentoo.org overlay.

> a portage hook that warns whenever the
> project sunrise overlay is used,

This came up already at the beginning of Sunrise and has of course been taken care of [2]

> then our reputation isn't really likely
> to suffer even if it's a complete disaster.

Sorry, I cannot see how this could turn into a complete disaster. It is all controlled, controllable and access can be restricted, removed, it can be modified, .. because it is on .gentoo.org even infra has the ability to shut it down if things go bad.

[1] http://www.gentoo.org/proj/en/sunrise
[2] http://bugs.gentoo.org/136031

Regards,
Stefan
--
gentoo-dev@gentoo.org mailing list