On Wed, Aug 02, 2006 at 02:24:17AM +0200, Carsten Lohrke wrote: > On Monday 31 July 2006 07:05, Seemant Kulleen wrote: > > OK, let's start with: what exactly is the problem? > 1) Please reread my replies in the first sunrise thread. Points are: 1) no security,
Suggest you read their responses, and look into some of their material (in particular their faq). Two levels. One, holding area (essentially). Second level (what users get), is the reviewed branch. So... if you're arguing people can stick malicious shit into the first level, yes, they could. I could also stick malicious code into bugzilla. If you're dumb enough to run it without checking it, your own fault (both cases). If you're arguing that malicious code gets stuck into reviewed... when I was a dev, I could have very easily done the same thing. Comes down to trust that they know what they're doing for the second level- again, same situation for the gentoo-x86. And... just cause I'm mildly sick of this bullshit, I'll head off the retort of "but people with +w for gentoo-x86 have been passed through the developer process, screening the malicious". Ayone determined can punch through it without issue- *both* gentoo-x86 and sunrise. > 2) issues with eclass changes which will result in bug spam You're not supposed to change the exposed api of eclasses in the tree (something y'all do violate I might add, which is a seperate QA matter). Same issue applies to the 'official' overlays offered by devs also, and to the tree in general. It's a reaching statement, bluntly. Using such an arguement has the side affect of stating that no overlays should ever exist, because they suffer the same potentials. Which obviously is a bit of BS. > 3) the fact that sunrise is a bunch of arbitrary packages, instead close > related ones managed > by one team, that does exactly maintain relevant packages. What the hell do you think the tree is? It's a bunch of arbitrary packages maintained loosely by subgroups of people; you're stating that sunrise is too loose yet gentoo-x86 is fundamentally no different. Sunrise is pretty much the same damn thing. > These issues are > fundamental, pointed out multiple times. You can't believe how ridiculous > Mike's question in the other thread, if there were any remaining issues, > sound to me and obviously others. Frankly, your points are assine/fud here. If you're going to bitch about flaws inherent in the work _you_ also do, kindly at least state it's universal rather then pawning it off as a sunrise specific failing. ~harring
pgptKcKdR2dgG.pgp
Description: PGP signature
