lldb ...

Lawrence Velázquez larryv at macports.org
Fri Sep 9 09:12:34 PDT 2016


> On Sep 9, 2016, at 10:28 AM, René J.V. Bertin <rjvbertin at gmail.com> wrote:
> 
>> On Friday September 09 2016 09:27:31 Lawrence Velázquez wrote:
>> 
>> If our release process is too cumbersome and infrequent, we should change that. I don't see reason to divide base's functionality more than it already is.
> 
> In my perception, "base" updates usually come with a lot of updating installed ports and quite the share of stress if everything is going to work like before. There should indeed be no need for that; it should usually be possible just to update a file or two, at least as far as the Tcl library is concerned.

I don't know why that would happen, unless drastic changes are released (which does happen sometimes). It's not inherent to base; I update from trunk all the time with no problems.

>> And I would definitely not want any security-related functionality to be implemented in a portgroup, which is immediately pushed to all users.
> 
> Who said everything about immediately, before it's well tested? The only thing that I'm taking into consideration is the fact that we may not hit the ideal implementation immediately that has all the required functionality and flexibility.

Any code pushed to the repository goes out to all users immediately. This is nice for certain applications but not others. The whole point of trunk base is to hit the middle ground of getting certain changes field-tested by other devs quickly without affecting users.

If you're suggesting that we test the code by sending around patches outside source control... well, that sounds like an antipattern to me.

>> Apple provides developer certificates that can be used for signatures.
> 
> Yes they do. But usually that's between Apple and the developer who pays to sign his/her software.

I do wonder whether there would be legal considerations.

> In MacPorts it means that basically anyone with commit access can start using that certificate for free.

Sort of. I expect portmgr would be responsible for it. They already delegate responsibility for the integrity of our software via commit privileges, and committers already piggyback on their reputation when archives get signed and distributed from Buildbot.

vq


More information about the macports-dev mailing list