Hello,
I've looked at our repositories.xml and the quality/status attributes
don't seem to be used very meaningfully.
That is, by quality:
core: gentoo [official]
stable: opentransactions (?) [official (?!)]
testing: hyprland-overlay, moexiami [both unofficial]
experimental: everything else
graveyard: unused
By status:
official: ago, alexxy, anarchy, andrey_utkin, cj-overlay, dilfridge,
emacs, EmilienMottet, fordfrog, gentoo, gnome, gnustep, graaff, guru, haskell, java, jmbsvicetto, kde, libressl, maekke, masterlay, mschiff, multilib-portage, musl, mysql, opentransactions, pentoo, pinkbyte,
qemu-init, qt, R_Overlay, rich0, riscv, rnp, ruby, science, sping,
swegener, tex-overlay, toolchain, ukui, ulm, vGist, voyageur, x11
unofficial: everything else
Which brings the significant question: are these attributes in any way meaningful? Is there a point in keeping them at all? Should we set
some ground rules and make them used consistently?
Of them all, only "core" makes sense right now. "stable" and "testing"
are used only by random user overlays, with no apparent features.
Similarly, "official" is used by a mix of developer and ex-developer repositories, developer and user project repositories, and a bunch of
user repositories with no clearly distinct features.
On 2025-03-28, Michał Górny wrote:
Hello,
I've looked at our repositories.xml and the quality/status attributes
don't seem to be used very meaningfully.
That is, by quality:
core: gentoo [official]
stable: opentransactions (?) [official (?!)]
testing: hyprland-overlay, moexiami [both unofficial]
experimental: everything else
graveyard: unused
No idea why it's named quality. "stable", "testing" and "experimental"
are only used in profiles. Packages also can have stable and testing
arch keywords.
Looks like reused terminology without any clear and unambiguous meaning
of each term.
By status:
official: ago, alexxy, anarchy, andrey_utkin, cj-overlay, dilfridge,
emacs, EmilienMottet, fordfrog, gentoo, gnome, gnustep, graaff, guru, haskell, java, jmbsvicetto, kde, libressl, maekke, masterlay, mschiff, multilib-portage, musl, mysql, opentransactions, pentoo, pinkbyte, qemu-init, qt, R_Overlay, rich0, riscv, rnp, ruby, science, sping, swegener, tex-overlay, toolchain, ukui, ulm, vGist, voyageur, x11
unofficial: everything else
This makes sense: official repositories are maintained or managed by
Gentoo developers, unofficial repositories are maintained by
non-developers.
Well, should make sense, because "libressl" is also somehow official? It used to be maintained by Gentoo, and likely this attribute just wasn't updated after Gentoo had discontinued support for LibreSSL.
Which brings the significant question: are these attributes in any way meaningful? Is there a point in keeping them at all? Should we set
some ground rules and make them used consistently?
Even if they are meaningful, they are inconsistent and fall out of sync.
I wouldn't miss them :/
Of them all, only "core" makes sense right now. "stable" and "testing"
are used only by random user overlays, with no apparent features. Similarly, "official" is used by a mix of developer and ex-developer repositories, developer and user project repositories, and a bunch of
user repositories with no clearly distinct features.
On Fri, 28 Mar 2025, Michał Górny wrote:
I've looked at our repositories.xml and the quality/status attributes
don't seem to be used very meaningfully.
That is, by quality:
core: gentoo [official]
stable: opentransactions (?) [official (?!)]
testing: hyprland-overlay, moexiami [both unofficial]
experimental: everything else
graveyard: unused
By status:
official: ago, alexxy, anarchy, andrey_utkin, cj-overlay, dilfridge,
emacs, EmilienMottet, fordfrog, gentoo, gnome, gnustep, graaff, guru, haskell, java, jmbsvicetto, kde, libressl, maekke, masterlay, mschiff, multilib-portage, musl, mysql, opentransactions, pentoo, pinkbyte,
qemu-init, qt, R_Overlay, rich0, riscv, rnp, ruby, science, sping,
swegener, tex-overlay, toolchain, ukui, ulm, vGist, voyageur, x11
unofficial: everything else
Which brings the significant question: are these attributes in any way meaningful? Is there a point in keeping them at all? Should we set
some ground rules and make them used consistently?
Of them all, only "core" makes sense right now. "stable" and "testing"
are used only by random user overlays, with no apparent features.
Similarly, "official" is used by a mix of developer and ex-developer repositories, developer and user project repositories, and a bunch of
user repositories with no clearly distinct features.
Status:
* "Official" status meant managed by an official Gentoo project or
developer (who had gone thru the usual vetting process), […]
* "Unofficial" status had rather less security-trust and was intended for "ordinary users". […]
Guru specifically, given its purpose and that I personally have it active (but ATM unused), I wonder about having official status. […]
On Fri, 28 Mar 2025, Michał Górny wrote:
I've looked at our repositories.xml and the quality/status attributes
don't seem to be used very meaningfully.
That is, by quality:
core: gentoo [official]
stable: opentransactions (?) [official (?!)]
testing: hyprland-overlay, moexiami [both unofficial]
experimental: everything else
graveyard: unused
By status:
official: ago, alexxy, anarchy, andrey_utkin, cj-overlay, dilfridge,
emacs, EmilienMottet, fordfrog, gentoo, gnome, gnustep, graaff, guru, haskell, java, jmbsvicetto, kde, libressl, maekke, masterlay, mschiff, multilib-portage, musl, mysql, opentransactions, pentoo, pinkbyte, qemu-init, qt, R_Overlay, rich0, riscv, rnp, ruby, science, sping, swegener, tex-overlay, toolchain, ukui, ulm, vGist, voyageur, x11
unofficial: everything else
Which brings the significant question: are these attributes in any way meaningful? Is there a point in keeping them at all? Should we set
some ground rules and make them used consistently?
Of them all, only "core" makes sense right now. "stable" and "testing"
are used only by random user overlays, with no apparent features. Similarly, "official" is used by a mix of developer and ex-developer repositories, developer and user project repositories, and a bunch of
user repositories with no clearly distinct features.
I've recently looked at these too, in the context of EAPI deprecation
(GLEP 83). Basically, which repositories should we consider before
dropping support for an old EAPI from package managers?
For example, one could consider all "official" repositories. But then
I looked at some of them and found quite a few that are essentially unmaintained (e.g. because the developer retired). Also, the "quality" attribute didn't make sense to me at all.
One idea could be to merge these into a single status attribute, and
maybe salvage the "core" value. That is:
- core: Only the Gentoo repository (for the time being)
- official: Repositories maintained by a project or a developer
(maybe opt-in or opt-out, i.e. allow devs to have unofficial repositories?)
- unofficial: everything else
On Fri, 28 Mar 2025, Michał Górny wrote:
One idea could be to merge these into a single status attribute, and
maybe salvage the "core" value. That is:
- core: Only the Gentoo repository (for the time being)
- official: Repositories maintained by a project or a developer
(maybe opt-in or opt-out, i.e. allow devs to have unofficial
repositories?)
- unofficial: everything else
WFM. Not sure we can remove the "quality" attribute without breaking
stuff, but we can at least clean "status" a bit.
Perhaps as a first step, downgrade all user repositories to
"unofficial". Then ask the owners of the remaining ones if they want
them to stay official.
On Fri, 2025-03-28 at 08:23 +0000, Duncan wrote:
Status:
* "Official" status meant managed by an official Gentoo project or
developer (who had gone thru the usual vetting process), […]
* "Unofficial" status had rather less security-trust and was intended
for "ordinary users". […]
GURU specifically falls on the edge between these two definitions.
On one hand, by definition it is entirely maintained by users.
On the other, it is an official Gentoo project, and goes through some
kind of vetting process (i.e. Gentoo devs approve TCs, TCs and devs
review changes before pushing them to the main branch).
On Fri, 28 Mar 2025, Michał Górny wrote:
One idea could be to merge these into a single status attribute, and maybe salvage the "core" value. That is:
- core: Only the Gentoo repository (for the time being)
- official: Repositories maintained by a project or a developer (maybe opt-in or opt-out, i.e. allow devs to have unofficial repositories?)
- unofficial: everything else
WFM. Not sure we can remove the "quality" attribute without breaking stuff, but we can at least clean "status" a bit.
Yeah, that may be an obstacle. If we must keep the quality attribute,
then how about using quality="core" for the Gentoo repo, and quality="experimental" for everything else? Very few repos use the
values "stable" or "testing", and we don't seem to have any criteria
for them.
Michał Górny posted on Fri, 28 Mar 2025 05:27:40 +0100 as excerpted:
Hello,
I've looked at our repositories.xml and the quality/status attributes
don't seem to be used very meaningfully.
That is, by quality:
core: gentoo [official]
stable: opentransactions (?) [official (?!)]
testing: hyprland-overlay, moexiami [both unofficial]
experimental: everything else
graveyard: unused
By status:
official: ago, alexxy, anarchy, andrey_utkin, cj-overlay, dilfridge,
emacs, EmilienMottet, fordfrog, gentoo, gnome, gnustep, graaff, guru, haskell, java, jmbsvicetto, kde, libressl, maekke, masterlay, mschiff, multilib-portage, musl, mysql, opentransactions, pentoo, pinkbyte, qemu-init, qt, R_Overlay, rich0, riscv, rnp, ruby, science, sping, swegener, tex-overlay, toolchain, ukui, ulm, vGist, voyageur, x11
unofficial: everything else
Which brings the significant question: are these attributes in any way meaningful? Is there a point in keeping them at all? Should we set
some ground rules and make them used consistently?
Of them all, only "core" makes sense right now. "stable" and "testing"
are used only by random user overlays, with no apparent features. Similarly, "official" is used by a mix of developer and ex-developer repositories, developer and user project repositories, and a bunch of
user repositories with no clearly distinct features.
So what you didn't mention but I assume knew, thus making your question
more one of: "This seems to have changed, do we get stricter again or lose the attributes which don't seem to mean anything any more"...
My (user) understanding from "back in the day" when overlays were fairly
new and I first merged and configured layman (reading its config docs
where IIRC this came from to do so), keeping in mind that back then
overlays were a new concept and a major point from the detractors was fear that actually providing official overlays management and documentation
would somehow implicate Gentoo if a user took advantage to distribute
overt malware:
Status:
* "Official" status meant managed by an official Gentoo project or
developer (who had gone thru the usual vetting process), thereby implying the same security-trust level as the main Gentoo tree. That is,
regardless of quality (experimental, testing, etc), the contents should be relatively trustworthy at minimum not to include deliberate ebuild/eclass level malware.
The implication of "official" was that any deliberate or "they went
through the vetting process and should have known better" security
violation (as opposed to quality/QA violation) in any "official" overlay would be treated as if it had occurred in the main overlay, and would not only trigger ejection of the dev in question but a reexamination of what could be done to improve vetting to avoid it happening again in the
future, as well as possible prosecution as appropriate.
* "Unofficial" status had rather less security-trust and was intended for "ordinary users". Unvetted, "caveat emptor", "here be dragons" and "if it breaks you get to keep the pieces". Security violations would of course result in removal of the overlay from the list... after the fact.
The implication was "If it's from an unofficial overlay, be sure you
either trust the author with effective root on your system or explicitly examine the code before running it, because effective root on your system
is what you're giving them."
...
I thus find it ... "unsettling"... to read that various user overlays have apparently been marked "official" with no regard to that original policy. While the original distinction may have arguably had alarmist motivations,
I definitely still find it useful, within a somewhat more limited context, and consider "official" status among other factors when I consider adding
an overlay.
Guru specifically, given its purpose and that I personally have it active (but ATM unused), I wonder about having official status. I only "sort of" use one ebuild from there, net-nntp/pan -- "sort of" because I used it as
a basis for my personal overlay's pan-9999 live-git ebuild, when upstream switched autotools -> cmake. (FWIW I've been "going to" contact and coordinate with the primary author and perhaps add the -9999 version to
guru as well once we do, but that's yet to happen...) Obviously I did the appropriate "unofficial status level" security evaluation in the process
of converting it to live-git -9999.
Quality:
I /think/ the quality attribute /may/ have been introduced later as IDR reading about it in the original layman docs, as I think back then the /assumption/ was that "if it's only in an overlay, it's not up to main-tree quality", thus "experimental" and possibly incomplete/under-development, below ~arch-level quality. Either that or perhaps IDR it simply because it didn't strike me as important enough to "underline in my memory" like the status did (with the experimental assumption then being
on my part as seeming obvious).
Graveyard would have been the sunset overlay, which I guess has fallen by the wayside? (Of course I'm personally much more toward the live-git side than sunset/graveyard, so I'd have never noticed sunset's disappearance.)
FWIW kde's the only overlay I'm currently actively using (for -9999s, sets and package.accept_keywords), and it's (correctly) official status, experimental quality. (Tho I only just removed qt days ago, after reading that qt*-9999s are officially in-tree now -- kde of course having required it at times for the -9999s in the :5 era due to upstream kde's sometime dependency on unreleased qt.)
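
The attribute tally from the first message and the merged core/official/unofficial status floated later in the thread, as an added example that is not part of the thread or of Gentoo's tooling. The sample XML is constructed, and treating an owner address at `@gentoo.org` as "maintained by a project or a developer" is an assumption made here.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
DEV_DOMAIN = "@gentoo.org"  # assumption: developer/project owners use this domain

# Constructed sample in the repositories.xml layout; overlay names and addresses are invented.
SAMPLE = """<repositories>
  <repo quality="core" status="official"><name>gentoo</name>
    <owner type="project"><email>project@gentoo.org</email></owner></repo>
  <repo quality="experimental" status="official"><name>dev-overlay</name>
    <owner type="person"><email>alice@gentoo.org</email></owner></repo>
  <repo quality="stable" status="official"><name>user-overlay</name>
    <owner type="person"><email>bob@example.org</email></owner></repo>
  <repo quality="testing" status="unofficial"><name>other-overlay</name>
    <owner type="person"><email>carol@example.net</email></owner></repo>
</repositories>"""

def load(xml_text):
    """Return one dict per <repo>: name, quality, status, owner e-mails."""
    return [{
        "name": (repo.findtext("name") or "").strip(),
        "quality": repo.get("quality", "missing"),
        "status": repo.get("status", "missing"),
        "emails": [e.text.strip().lower() for e in repo.iter("email") if e.text],
    } for repo in ET.fromstring(xml_text).iter("repo")]

def tally(repos, attr):
    """Group repository names by the value of one attribute."""
    groups = defaultdict(list)
    for r in repos:
        groups[r[attr]].append(r["name"])
    return {k: sorted(v) for k, v in groups.items()}

def dev_owned(repo):
    return any(e.endswith(DEV_DOMAIN) for e in repo["emails"])

def merged_status(repo):
    """Dry run of the single merged status attribute discussed in the thread."""
    if repo["quality"] == "core":
        return "core"
    if repo["status"] == "official" and dev_owned(repo):
        return "official"
    return "unofficial"

def downgrades(repos):
    """Repositories marked official today that the dry run makes unofficial."""
    return sorted(r["name"] for r in repos
                  if r["status"] == "official" and merged_status(r) == "unofficial")

if __name__ == "__main__":
    print(downgrades(load(SAMPLE)))
```

The `downgrades` list is the set of owners to contact before any change is made; it changes nothing in the file itself.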