On 08/11/2016 07:32 PM, Kent Fredric wrote:
On Thu, 11 Aug 2016 17:27:14 -0700
Patrick McLean <chutz...@gentoo.org> wrote:
It's not like there is a shortage of
packages that install crappy crap on your system...
In this instance I agree that we're kinda stressing about the wrong
thing.
But I can't support that reasoning.
"There is bad stuff in tree so why not have more" is not a great line
of reasoning.
We want things to be *better*, we should shy away from that reasoning.
The *reason* here is "user choice".
As much as Gentoo developers may have problems with steam, user-choice
orientation dictates we should at least consider supporting it in some
regard, and if we can do so without affecting the people who don't want
steam, we should also strive to do that.
And we *can*.
That's why its better as an independent thing, not as core mechanics in
libpcre.
One possible solution, is to realize that everyone is right from their
perspective. OK. Then how do *we* find an acceptable solution set? Well,
this is not the first time and it's occurring more and more frequently
in gentoo, from my perspective, that our ying-n-yang of secure vs
innovation is pulling the devs apart.
1. We do need an extraordinarily (think hardened++) secure gentoo, as
the nefarious activities of interlopers is becoming an avalanche on
computing and networking (Think Zener (or avalance) diode). [1]
A few quick and easy, stage-4 offerings for common needs, would be a
strong recruiting tool for gentoo. ymmv.
[1] https://en.wikipedia.org/wiki/Avalanche_diode
Certainly QA is part of that solution, and those folks are 100% correct.
2. Gentoo needs to have a version (jentoo?) so that we can return to
raw innovation, of anything and everything any technoid wants to pursue.
To me, that was and is the heart and soul of gentoo; but that postulate
alone wreaks of multifaceted danger. (danger Will Robinson, danger!).
Still my needs and heart is with these innovative folks, 100%, and yes
it is due to my new found addiction to all things clusterd.
So, how about we use (VMs/Container/unikernels/embedded/<and many more
approaches>) to allow both to coexist on the same hardware? Now, whether
Gentoo(hardened) is the main host and Jentoo(the latest innovation) is
the VM or vice-versa, remains to be explored and proven and provided as
a choice. Deeply embedded, hardened-gentoo, located on a usb stick, does
appeal to many different uses and it can be quickly unplugged by the
local admin, as an added fail-safe feature. Choice is preeminent, imho.
I'd like to see Jentoo, become the most innovative platform in the
entire FOSS world, as gentoo once was. For now, they (Gentoo and
Jentoo) could be run on different (hardware) systems and combined later,
when viable mechanisms are proposed, tested and vetted. This thread of
consternation only servers to 'yet again' validate both needs. Jentoo
could live out of an alternative repo, and the rules for putting codes
in there, are managed by the devs that favor innovation over
constriction. In fact, we could also experiment with an open source
alternative (gitlab?) in lieu of github (just a thought, do not get your
panties in a bunch over this)?
Gentoo, does need a 'tight-assed', secure and reliability first mantra
to move forward to serve the computational worlds needs. Security is at
a breaking point, imho; hacker news has a posting about systemd and
buntu in full meltdown related to (server)clusters. Furthermore,
nation-states have a vesting interest in taxing the productive for a
variety of reasons, and network/computing/communications instability is
the new 'cold war' where excessive taxes, robber-barron greed, and
globalization are converging towards war(3). So do not look to
governments or the globalist to prevent war. I'm not certain that gentoo
can prevent this, but it's worth a little effort, no?
If we can make a secure peace with both the innovative and the secure
camps, within Gentoo (and Jentoo), then perhaps the computational world
will follow our lead. Vendors (greeds) are going to plunge us into WW3,
if folks do not 'wise up' and 'pull together'.
(also, I'm not hung up on 'Jentoo' as a name; perhaps 'Gintoo'?
(peace && hth),
James
