[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] RFC: leechcraft.eclass
From:       Marc Schiffbauer <mschiff () gentoo ! org>
Date:       2011-07-22 12:39:36
Message-ID: 20110722123936.GA31831 () lisa ! schiffbauer ! lan
[Download RAW message or body]


* Alex Alexander schrieb am 22.07.11 um 13:30 Uhr:
> On Fri, Jul 22, 2011 at 14:21, Marc Schiffbauer <mschiff@gentoo.org> wrote:
> > Am Freitag, 22. Juli 2011, 14:50:06 schrieb Maxim Koltsov:
> >> Hi devs,
> >> I'm about to add Leechcraft modular internet client to tree. It has 32
> >> packages and uses it's own eclass. Please review it and allow me to
> >> commit it to the tree.
> >> Also i'd want to ask: is it woth to add new category (e.g.
> >> leechcraft-plugins) to simplify managing leechcraft ebuilds. And the
> >> last question: is it good to add 9999 versions for all ebuilds too?
> >
> > IMO live ebuilds should only be held in an overlay.
> >
> > -Marc
> 
> 9999 versions are nice, but they typically require more time and
> effort to maintain. I'd recommend adding them only if you are willing
> to do the work. Sometimes 9999 ebuilds are useful as a way to prepare
> for the next release.

Yes, but the big drawback is that you do not have any checksums of
the source. So if for example an upstream source code gets exploited you 
will never notice until the trojan or whatever got in there will do
something. Sure this can happen with normal tarballs too,
but is much more unlikely and can only happen if the source is
already bad at the time of "repoman manifest".

-Marc
-- 
8AAC 5F46 83B4 DB70 8317  3723 296C 6CCA 35A6 4134

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]