On 7 November 2015 at 02:16, Michael Orlitzky wrote:
> These days, if I'm careful to revbump when necessary AND limit my
> commits to one logical change, can I wind up going from (say) -r1 all
> the way to -r4 before pushing my changes.
Personally I don't think that's necessary. The "-r bump on d
On 13 December 2015 at 09:41, Andreas K. Huettel wrote:
> Well. We had that idea already, and at some point something barfed, I dont
> remember the details anymore. Maybe someone else from the team knows.
>
> The problem is introducing too many variables that look like something
> *upstream* might
On Thu, 19 Mar 2020 15:40:20 -0400
Mike Gilbert wrote:
> I'm not sure what you mean by "stabilization graph". I'm guessing you
> mean the dependency graph for stable keywords?
>
> Valid dependency graphs are determined by whatever our tooling deems
> valid. The tooling could be updated to permit
On Sat, 21 Mar 2020 11:03:19 +0300
Alexander Tsoy wrote:
> Binary distros usually have separate repositories for each
> architecture.
One aspect: They don't have a package database that's a collection of
bash scripts that have to be routinely executed.
And they also don't have USE flags to comp
On Sun, 22 Mar 2020 15:11:23 +0100
"Haelwenn (lanodan) Monnier" wrote:
> I think it might be better to fix bugzilla to be able to send multiple
> attachments at once. AWS S3 might be okay for the long term but I've often
> seen paste services being used and most of them expire in a week/month,
On Mon, 23 Mar 2020 20:27:51 +0200
Joonas Niilola wrote:
> AFAIK all major changes have been posted here and pushed with some delay.
In my experience, "Some delay" is usually short, as developers making
the change are eager to push it through.
But the people maintaining the overlays are much mo
On Wed, 1 Apr 2020 17:53:39 -0700
Alec Warner wrote:
> you cannot accept arbitrary long
> passwords
Sure you can, as long as you're not storing them anywhere, and are
instead, storing their checksum of some kind.
Then the only limitations really are how much memory and time you have
to locally
On Thu, 2 Apr 2020 10:01:57 +0200
Michal Prívozník wrote:
> Alternatively, you can set up a VM that contains nothing but the bare
> minimum required to run app X and assign webcam to it, for instance.
> Having said that, I'd still love the packaging system to install the app
> as it resolves all
On Sun, 5 Apr 2020 17:11:01 +0100
Samuel Bernardo wrote:
> Sorry about my comment, but couldn't that be solved choosing the right
> profile or opting for an official overlay, raking the assurance level of
> those?
If zoom is a binary only package, not opensource, we can't make any
assurances.
E
On Mon, 6 Apr 2020 23:55:07 +0100
Samuel Bernardo wrote:
> This is the kind of useful information that we could collect from the
> QA, extending the greatness of the best distro ever made. The
> availability of software from a distro is better than installing it
> standalone, allowing to share kn
On Tue, 7 Apr 2020 12:47:33 +0200
Thomas Deutschmann wrote:
> Sure, that could have banal reasons like "No one audited the Linux
> version yet". But in security you don't issue warnings if you aren't
> sure. Because if you make false statements people will no longer trust
> you. But trust is ever
On Tue, 07 Apr 2020 14:44:04 +0100
Roy Bamford wrote:
> Gentoo must not single out any package for special treatment.
Indeed. Cases like this just demonstrate that something about the way
we do things is somehow inadequate.
The idea that "what we have works" is something we get away with,
becau
On Wed, 8 Apr 2020 17:39:54 +
Peter Stuge wrote:
> E.g. for auditing the installed values of these could be worth a lot.
Only as far as analyising "why was this package installed, currently
the metadata says its un-audited!".
But for things like "affected by CVE/Bug", the very nature of tho
On Fri, 10 Apr 2020 12:31:19 +0100
Samuel Bernardo wrote:
> - if there is more then X new versions in upstream, get from a release
> feed associated with ebuild (X value defined by project leader with
> threshold set by CI)
This is probably the biggest difficult part really.
There's lots of dif
On Sat, 11 Apr 2020 11:39:21 -0400
Michael Orlitzky wrote:
> I've been setting them just in case someone has a workflow/automation
> involving the keywords that hasn't been updated in ten years. If you
> kill the keywords, I wouldn't have to worry about that, so +1.
And that's pretty much the sa
On Sun, 12 Apr 2020 10:43:07 +0200
Agostino Sarubbo wrote:
> In case of 'yes', the arch team member must compile with FEATURE="test" and
> he
> is allowed to block the stabilization in case of test-failure.
>
> In case there will be a test-failure there are two choices:
> 1) The maintainer fix
On Sat, 11 Apr 2020 21:41:58 +0100
Samuel Bernardo wrote:
> loosing ebuilds (we
> wants it!... we needs it must!... my precious)
Ebuilds are never actually "lost".
If you use gentoo's git repo for /usr/portage, you can always wind back
the whole tree, or some subset thereof, to a state where t
I've just discovered dev-perl/Ace has some fun questionable licensing
which includes a lovely indemnity clause, which had previously gone
unnoticed, and it stipulates additional requests for research
publications, which is not something mentioned in any license currently
in tree other than Tinker
On Sat, 25 Apr 2020 14:12:02 -0700
Alec Warner wrote:
> Thus I now plan to remove this access[0]. If you need access to ssh as
> something not-git to git.gentoo.org, let me know in the next week.
Will this affect people who set up no-op SSH connections for a
persistent connection master, so that
On Sun, 26 Apr 2020 10:08:32 +0200
Michał Górny wrote:
> A proper solution to cluster problem would probably involve some way to
> internally collect and combine data data before submission. If you have
> large clusters of similar systems, I think you'd want to have all
> packages used on differ
Advantages:
- {{package}} template can link to this as well as the page on
packages.gentoo.org when it exists
- packages.gentoo.org can link to this when it exists
- Serves as a good default place for "maintainer down" and
inter-maintainer documentation.
- Good place to document the sorts of
On Sun, 26 Apr 2020 14:38:54 +0200
Thomas Deutschmann wrote:
> Let's assume we will get reports that app-misc/foo is only installed 20
> times. If you are going to judge based on this data, "Obviously, nobody
> is using that package, it's stuck on ... safe to remove" your
> view is biased:
I see
On Sun, 26 Apr 2020 03:39:24 -0700
Brian Dolbec wrote:
> We would need that
> person/team to only enable their test system for gentoostats/disabled
> for deployments. Repeated failure to do that could result in that uuid
> being blacklisted. Part of the initial profile details for that
> vm/ima
On Sun, 26 Apr 2020 10:52:27 +0200
Michał Górny wrote:
> Do you have any other idea for spam protection then?
What is the realistic risk here for spamming?
If the record is well formed, and pertains to known packages, the worst
I currently imagine is astroturfing: A single individual attempting
On Sun, 26 Apr 2020 18:00:19 -0700
Alec Warner wrote:
> This is correct.
Surely then, this is a reduction in fuctionality.
That's a handy tool to put up your sleeve when you're trying to avoid
getting thrashed by slow network connects when some contributor is
pushing every 30 seconds :)
pgp6H
On Mon, 27 Apr 2020 09:43:44 -0400
Mike Gilbert wrote:
> He was replying to me. Your master connection will continue to work
> just fine, as I said in my previous message.
I must have lost something in grammar, because no matter how many times I read:
> If you are authenticating that master con
On Tue, 5 May 2020 02:47:48 +0200
Thomas Deutschmann wrote:
> Yes it would be a signal but a useless signal, not?
"There are no users reported using this dist, so we can nuke it" is
still far far superior to "there are no reverse dependencies, so we can
nuke it"
*Even* when the former is false
On Thu, 23 Apr 2020 10:32:41 +1200
Kent Fredric wrote:
Ugh. I just discovered this approach is in use in multiple packages.
https://metacpan.org/source/LDS/AcePerl-1.92/DISCLAIMER.txt
https://metacpan.org/source/LDS/Bio-SamTools-1.00/DISCLAIMER
https://metacpan.org/source/AVULLO/Bio-DB-HTS
On Fri, 8 May 2020 09:49:18 +0200
Jaco Kroon wrote:
> So we do need the full list of packages installed, filtered to ::gentoo,
> but there needs to be an indicated whether it's installed because it's
> in @world, as a dep of something in @world (which is possibly not in
> ::gentoo), or is some fo
On Sat, 09 May 2020 15:22:52 +0200
Gerion Entrup wrote:
> I'm not sure, if Portage is capable of this, but a distinction in USE
> flags needed to fulfil some dependency of another package and USE flags
> actively activated by the user could be useful.
Presently impossible, as how portage impleme
On Thu, 07 May 2020 09:29:36 +0200
Michał Górny wrote:
> For example, if OCaml bindings on some package are broken and require
> a lot of work, I would find useful to know how likely it is that anyone
> is using it. Or if a lot of people are enabling 'frobnicate' flag,
> I could consider employi
On Tue, 19 May 2020 13:27:40 +0200
Michał Górny wrote:
> gander --submit
The server replied (500):
Server Error (500)
Server Error (500)
Submission failed.
pgpLOndd9Coih.pgp
Description: OpenPGP digital signature
On Thu, 21 May 2020 14:25:00 +0200
Ulrich Mueller wrote:
> That's why I said salted hash.
Even a salted hash becomes a trivial joke when the input data you're
hashing has a *total* entropy of only 32bits.
You at very least need a unique salt per hash, or you only have to
expose the salt to crea
On Thu, 21 May 2020 10:47:07 +0200
Michał Górny wrote:
> An alternative of using a proof-of-work algorithm was suggested to me
> yesterday. The idea is that every submission has to be accompanied with
> the result of some cumbersome calculation that can't be trivially run
> in parallel or optimi
On Thu, 21 May 2020 15:16:12 +0200
Michał Górny wrote:
> Isn't the whole point of salted hash to use unique salts?
You'd thinik so, but I've seen too many piece of code where the salt
was a hardcoded string right there in the hash generation.
md5sum( "SeKrIt\0" + pass )
So I've learned to nev
On Fri, 22 May 2020 01:38:02 +1200
Kent Fredric wrote:
> So instead of the ID being generated locally, you'd send a request
> asking for an ID, it would send you the challenge math, you'd send the
> answer, and then you'd get your ID.
Additionally, you could even al
On Thu, 21 May 2020 10:47:07 +0200
Michał Górny wrote:
> Other ideas
> ===
> Do you have any other ideas on how we could resolve this?
And a question I'd like to revisit, because nobody responded to it:
- What are the incentives a would-be spammer has to spam this service.
Services tha
On Fri, 22 May 2020 12:53:03 -0700
Brian Dolbec wrote:
> We cannot exclude overlays which will have cat/pkg not in the main
> gentoo repo. So, we should not excludea submission that includes a few
> of these. They would just become irrelevant outliers to our
> processesing of the data. In fact
On Fri, 22 May 2020 22:13:11 +
Peter Stuge wrote:
> While services such as reCAPTCHA are (as said) massively intrusive, there
> are other, much less intrusive and even terminal-compatible ways to construct
> a CAPTCHA. Hello game developers, you have 80x23 "pixels" to render a puzzle
> for a
On Fri, 22 May 2020 21:58:54 +0200
Michał Górny wrote:
> Let's put it like this. This thing starts working. Package X is
> broken, and we see that almost nobody is using it. We remove that
> package. Now somebody is angry. He submits a lot of fake data to
> render the service useless so that
On Sun, 24 May 2020 09:40:50 +0800
"Pengcheng Xu" wrote:
> Do we currently have (or is there a plan for) a mechanism to manage the
> symbolic links and/or create them after merging the package when necessary?
> It's quite tiresome to type in $CHOST-gcc for simple everyday tasks.
There are (cu
On Sat, 23 May 2020 22:41:02 -0400
Mike Gilbert wrote:
> Could you please add this flag to package.use.force? I don't think we
Sounds more like a case for package.use.stable.force or something.
For non-stable, we don't give guarantees about well-supported, only
that there will be bugs, and they
On Sun, 24 May 2020 10:33:18 +0200
Michał Górny wrote:
> If it creates an invalid environment that is known to break packages
> and is not QA-sanctioned, it should be masked. Period.
Seems like yet another argument in favour of my initial position, that
it probably shouldn't be controlled by a
On Sun, 24 May 2020 13:05:35 +
Peter Stuge wrote:
> The bar only needs to be raised high enough.
Sure. A lot of this is just "think about what could happen in the worst
case imaginable".
Its very unlikely our worst cases will happen.
But we should at least have the ability to easily add mi
On Sun, 7 Jun 2020 06:43:19 -0400
Rich Freeman wrote:
> Historically a lot of projects worked more like "tags" as an
> alternative way of grouping packages other than categories. While
> tags are a great idea projects are a terrible way to implement them.
I was thinking perhaps instead of "grou
On Wed, 10 Jun 2020 20:25:20 +0200
Michał Górny wrote:
> The general purpose of codec project [2] is to maintain core libraries
> for various multimedia format encoder/decoder libraries. It's like
> gfx+sound+video except only for core packages and not every possible
> single viewer, player, edi
On Fri, 12 Jun 2020 02:04:51 -0700
Georgy Yakovlev wrote:
> +#cargo_src_configure --no-default-features
Looking at the source, I don't see how this is passed from this command to
anything.
> + # transform array from simple feature list
> + # to multiple cargo args:
> + # --feat
On Fri, 12 Jun 2020 09:24:11 -0700
Georgy Yakovlev wrote:
> Not sure if --features=default will activate default set and how it
> will react to being passed along.
>
> --no-default-features --features default
> IDK, looks kinda unnatural.
>
> I have a feeling that we'll get more boilerplate if
On Sun, 28 Jun 2020 08:18:23 -0400
Michael Orlitzky wrote:
> With LD set to something libtooly in the
> environment, the pari build fails. We can solve that by unsetting LD in
> the ebuild, but for that to be The Right Thing To Do, we should be
> expecting LD to contain something libtooly, and th
On Wed, 8 Jul 2020 02:57:57 +
Max Magorsch wrote:
> I am glad to announce further progress at packages.gentoo.org (pgo in
> the following). Compared to previous work during the last months,
> which mostly addressed the back end, the new changes are rather
> comprehensive. That's why I am look
On Wed, 8 Jul 2020 02:57:57 +
Max Magorsch wrote:
> Additionally, there are new sites for all package maintainers, that is:
> - Gentoo Projects (e.g. pyt...@gentoo.org)
> - Gentoo Developers (e.g. la...@gentoo.org
> - Proxied Maintainers (e.g. la...@the-cow.de)
Some other thoughts her
On Wed, 8 Jul 2020 02:57:57 +
Max Magorsch wrote:
> - all outdated packages (according to repology)
Unfortunately for Perl, repology can't be taken verbatim.
There's a really fun problem with Perl versions, so I'll link you to
our writeup to explain it:
https://wiki.gentoo.org/wiki/Proje
On Wed, 8 Jul 2020 09:40:17 +0100
Alexey Sokolov wrote:
> Another comment, unrelated to the new features: RESTRICT="test?
> (test)" probably shouldn't trigger the T symbol the same way as
> RESTRICT="test" does.
+1.
This presently has bothered me, because it basically means with the
roll-out o
On Wed, 8 Jul 2020 20:48:44 +1200
Kent Fredric wrote:
> The "easy" workaround is to use `dev-perl/Gentoo-PerlMod-Version`, and
> have it munch upstreams version into a "gentoo normalized version", and
> then use that version for comparison.
Actually, on that note
# Kent Fredric (2020-07-10)
# No reverse dependencies, and Gtk2 support is becomming
# obsolete in Gentoo.
# Removal in 30 days
pgpqlJgLDz9hL.pgp
Description: OpenPGP digital signature
# Kent Fredric (15 Jul 2020)
# No LICENSE declaration by upstream, and no response from upstream
# since at least 2013 as to what license to use (bug #732710)
# Removal in 30 days.
dev-perl/Data-Diver
pgp9YHMIAr5i9.pgp
Description: OpenPGP digital signature
On Tue, 28 Jul 2020 19:17:04 -0400
Aaron Bauman wrote:
> net-irc/quasselgrep
Uh, what?
[I] net-irc/quasselgrep
Installed versions: 0_p20190211(13:18:43
18/07/20)(PYTHON_TARGETS="python3_7 -python3_6")
Maybe just the older version?
pgpZibCoYPFgd.pgp
Description: OpenPGP digital signatu
# Kent Fredric (2020-08-17)
# No reverse dependencies, and Gtk support is becomming
# obsolete in Gentoo
# Removal in 30 days
dev-perl/gnome2-vfs-perl
pgpZCAMkQcO9D.pgp
Description: OpenPGP digital signature
On Tue, 1 Sep 2020 08:47:12 -0400
Michael Orlitzky wrote:
> Here's a trick that bugzilla cannot do: show me the bugs that are
> assigned to me **or a project that I'm a member of**. Killer feature
> right there.
Something bugzilla also doesn't do:
Automatically search for "dev-foo/bar" in cf_st
On Thu, 3 Sep 2020 14:49:25 +0100
Michael 'veremitz' Everitt wrote:
> I know this is a much more onerous "solution" but I thought I would throw
> it out there, and see if any other interested parties (eg. kent\n and
> potentially graaff) may be able to share their thoughts..
Actually, the more I
On Mon, 7 Sep 2020 08:14:52 +0200
Michał Górny wrote:
> However, please
> +do not include it in the package.mask entry as users do not need
> +to be forced to proactively unmerge it.
I can think of a utilitarian value of doing this anyway.
Namely, it gives a window during `emerge -uD @
On Sun, 13 Sep 2020 12:04:39 -0700
Alec Warner wrote:
> Is openrc critical to Gentoo? it doesn't live on our infra.
> Is pkgcore critical to Gentoo? it doesn't live on our infra.
Both those things are "things employed by users for their systems".
Neither of those things are integral to any work
On Tue, 15 Sep 2020 09:12:58 +0200
Toralf Förster wrote:
> However this doesn't cover bugs filed a while ago and are not be fixed in
> current stable.
A mitigation would be it wouldn't file a stabilization req if there was
already one open.
Basically means as soon as there's one stable req, it
On Mon, 14 Sep 2020 10:15:31 -0400
Rich Freeman wrote:
> It might be easier to take smaller steps, such as having a policy that
> "any call for devs to use/test a new tool/service, or any service that
> automatically performs transactions on bugzilla, must be FOSS, and the
> link to the source mu
On Wed, 16 Sep 2020 07:11:12 -0400
Rich Freeman wrote:
> I realize this is a bit more tangential. I just think that infra is
> already a huge failure point, so having more stuff on infra actually
> makes that failure point more critical. A Gentoo where little is
> hosted on stuff we own is much
On Wed, 16 Sep 2020 19:47:35 -0400
Rich Freeman wrote:
> Seems like a way to improve this would be better documentation and a
> DIY infra testing platform.
>
> First, document how to prepare a service for infra hosting. Maybe
> provide an example service.
>
> Second, publish a tarball of a con
On Wed, 16 Sep 2020 16:05:49 -0600
Tim Harder wrote:
> Speaking for myself, I avoid hosting most of my Gentoo-related work
> (outside of gentoo repo ebuild mangling) on gentoo.org since I prefer
> the services offered elsewhere in terms of usability, visibility, and
> project maintenance. Take th
On Tue, 6 Oct 2020 20:55:25 +
Max Magorsch wrote:
> Further customization options are available on the preferences pages.
> Feel free to let me know if you are missing anything. Apart from that:
> Happy customizing.
>
> /M
This is awesome \o/
Though I may have spotted a bug or two.
When y
On Sat, 17 Oct 2020 18:05:40 -0400
Aisha Tammy wrote:
> gui-libs/display-manager-init
Uh, do we need a new catagory for this one package?
pgp0al5IKutdA.pgp
Description: OpenPGP digital signature
On Sun, 18 Oct 2020 11:41:38 +1300
Kent Fredric wrote:
> Uh, do we need a new catagory for this one package?
Scratch that, my brain is disabled and my eixing failed the first time
and I jumped because it was a category with no recollection of seeing
before.
Now I see there is one, I do st
On Mon, 02 Nov 2020 00:05:34 +
"Robin H. Johnson" wrote:
> The attached list notes all of the packages that were added or removed
> from the tree, for the week ending 2020-11-01 23:59 UTC.
>
> Removals:
<3MB of data trimmed>
It looks like you reported all added and removed packages for th
On Wed, 4 Nov 2020 17:34:07 +0100
Marek Szuba wrote:
>> x11-terms/rxvt-unicode
> Will co-maintain this one with conikost, don't mind being listed as
> primary maintainer.
If you strike an issue that you think should be followed upstream, rope
me in. (put me on the bottom of the maintainer list
On Mon, 9 Nov 2020 12:15:07 +0200
Jaco Kroon wrote:
> You mentioned working raport with upstream? Can we rely on that to at
> the very least get them to update that to "due to the way Gentoo
> functions we request that you first file issues with the Gentoo
> repository rather than directly with
On Wed, 11 Nov 2020 19:38:35 -0500
Rich Freeman wrote:
> I thought that the whole mirror:// thing was discouraged. For
> anything else you just stick SRC_URI in the ebuild and the mirrors
> should fetch it when they see it in the repo.
>
> I just host stuff like that on my dev webspace, or bett
On Wed, 11 Nov 2020 19:38:35 -0500
Rich Freeman wrote:
> I just host stuff like that on my dev webspace, or better yet on
> github or something else that will auto-tarball stuff.
Oh, yeah, and don't rely on github auto-tarball stuff.
History has demonstrated github sometimes "forgets" their cac
801 - 875 of 875 matches
Mail list logo
