Dear all, I start to subscribe all the messages that have been exchanged2 and would like to start to cite a very important sentence mentioned by Kent in zoom thread, that concerns me:
On 4/7/20 7:23 AM, Kent Fredric wrote: > But utlimately, this is not a technology problem: Its a staffing problem. As my humble contribution, I wish to see Gentoo as the most used distribution along with their child distributions. I always believe this is possible with the right tools. The utopia would be to see one day every company to follow Gentoo QA policies to win their clients, but what do we need to do to get there? Share the information to the users to change their critical view when demanding the software. Every time we neglect this we are becoming more lonely and some day open source software will be a myth. --- Gentoo, as the base reference, have good QA and provide the tools reflected in is build system that is in constant improvement and progression. Following this way, the distribution should be sturdy and most possible complete, so it can adapt to the software market and their evolution. The common problem I think, is that software quality is lowering since the hardware is very powerful, and the market is eager and blinded by the hardware low cost. Optimizations are neglected and focused on UI, so the delivery is faster then ever in the harshest market of all time for the software majority. So anytime I read about security is nowadays something so hard to do any concern, but sharing all community knowledge we can have better trust and allow to parse the bad software and practices. I know that this can't be done easily, but let me call the opensource methodology to call everyone who can help with that. So attracting new users would bring more knowledge, allows also to spread the world enlarging the community, that should result in greater trust for the defined QA. This is why I think is so important to have the ebuilds, even if they are in overlays. More ebuilds is better so we can collect the knowledge, opposed to a standalone approach. For those with more limited knowledge will let them to buy bad solutions or do the wrong procedures. The root problem will only be defeated by the end users and we need to struggle the illiteracy about software in the community. --- So, for me, any proposal of additional information is useful, even the README.gentoo proposal by Ulrich in zoom thread. Lets avoid the hide... Is better to know what have been done even if is not possible to assure anything. This way someone could pick it and continue the evaluation work. Clearly this will not be against the trust. Then is so easy to create an ebuild with the provided tools that everyone could do their contribution using overlays. Is awesome to know that my personal overlay is being audited by Gentoo QA. I think you could bet there the efforts! Best, Samuel
signature.asc
Description: OpenPGP digital signature
