This is the policy document governing the Gentoo Overlays service.
- 1 Introduction
- 2 What Is The Overlays.g.o Service?
- 3 Types Of Overlay
- 4 Responsibilities
- 5 Creating Overlays
- 6 Commit Access To Overlays
- 7 General Rules For Overlays
- 8 Administration Of Overlays
- 9 Removal Of Overlays
- 10 Restrictions On New Software
- 11 Errors And Omissions
- 12 Acknowledgements
Here are the policies for the overlays.g.o service. If you host an overlay on overlays.g.o, or if you participate in the administration of overlays.g.o, you must follow these policies.
What Is The Overlays.g.o Service?
overlays.g.o provides a social workspace, for Gentoo projects and developers to publish their Gentoo package overlays in one location, where it's easy for devs and non-devs alike to collaborate.
Types Of Overlay
overlays.g.o hosts two types of overlay:
- overlays for Gentoo project teams
- overlays for individual Gentoo developers
- overlays for Gentoo summer of code projects
- overlays for other Gentoo-specific projects that are external
"Project overlays" are overlays owned by recognised Gentoo project teams. Such teams are required to meet the definition of a project that you can find in our metastructure document.
"Project overlays" will have the same name as the Gentoo project team. Each project is only allowed a single overlay.
As far as this policy is concerned, project overlays are owned by the elected lead(s) of the project.
"Developer overlays" are overlays owned by individual Gentoo developers. These are the developers who have successfully taken the Gentoo developer quizzes, and who have been given commit access to the main Gentoo package tree.
Each "developer overlay" will have the same name as the developer who owns the overlay. Each developer is only allowed a single overlay.
As far as this policy is concerned, developer overlays are owned by the individual Gentoo developer who asked for the overlay to be hosted.
Summer of Code Overlays
"Summer of Code overlays" are overlays that were created for the express purpose of hosting the development of a Google Summer of Code (SoC) project for Gentoo.
Each "SoC overlay" will be named for the SoC project. Multiple overlays may exist if required by the project.
As far as this policy is concerned, SoC overlays are owned by the SoC student.
External Gentoo-specific overlays
- Infra are responsible for the platform (hardware + o/s) that overlays.g.o is hosted on.
- The overlays project team is responsible for administering the overlays.g.o service, including responsibility for the software used to deliver the service (e.g. svn, trac, git, gitweb).
- Overlay owners are responsible for the contents of their overlays, and for the conduct of anyone who has commit access to their overlays.
- Any individual committing to an overlay is responsible for his/her own actions.
Overlays are created at the request of whoever will be the owner of the overlay.
Overlays are optional; no Gentoo developer or project team is required to setup an overlay.
Gentoo developers are free to host their overlays somewhere else.
Commit Access To Overlays
To be clear:
- A "developer" is someone who has commit access to the main Gentoo package tree.
- A non-developer is anyone who doesn't have commit access to the main Gentoo package tree. That includes other members of Gentoo staff.
- Any developer listed on a team's project page can have commit access to that team's overlay(s). Just ask the overlays admin team to sort you out with access.
- Any dev not listed on a team's project page can have commit access, with the agreement of a member of the project team.
- Any non-dev can have commit access to a team's overlay(s). The request for access has to come from the owner of the overlay.
- Any Gentoo dev can ask for commit access, with the agreement of the overlay's owner.
- Any non-dev can have commit access to a developer's overlay. The request for access has to come from the owner of the overlay.
- The SoC student mentor and student will be provided with the overlay.
- Any non-dev can have commit access to a SoC's overlay. The request for access must come from either the SoC student or his mentor.
Common Requirements For Non-Devs
- The non-dev is required to have registered their nick on Freenode IRC first, and must provide a valid email address for our records.
- If you're a non-dev, please don't ask the overlays team directly for access, as refusal often offends.
With trac + svn, it's possible to give commit access separately to trac (ie, the wiki), and svn.
General Rules For Overlays
We're deliberately trying to keep the rules on overlays to a minimum. Please, don't abuse the service, and force us to add more rules :(
What You Can And Cannot Store On overlays.g.o
overlays.g.o is for hosting package trees, their patchsets, any docs, and any downloadable tarballs that have nowhere else to be hosted.
TODO: Note that $UPSTREAM is allowed for Gentoo-specific/related.
Overlays Are Public
There are no "secret" overlays.
All overlays are listed on the frontpage of overlays.g.o, and anyone is free to download the contents of an overlay.
If you need a secret overlay, we're not the service for you.
bugs.g.o is the OneTrueBugTrackingSystem(tm), even for overlays.
Moving Contributions From Overlays To The Portage Tree
Don't set up anything to automatically commit the contents of an overlay to the main Gentoo package tree. Ever.
Any code you take from an overlay and commit to the main Gentoo package tree needs to be thoroughly reviewed first. As the person committing the code to the main tree, it's your responsibility to ensure that the code meets the required standards.
Administration Of Overlays
Only the overlays.g.o administration team (listed on the overlays project page) have shell access into the overlays.g.o box. At the moment, account management (including resetting passwords) has to be done through the overlays administration team.
If you need anything doing to your overlay (adding/removing a user f.ex), please ask in #gentoo-overlays, and someone will help you as soon as possible.
Removal Of Overlays
Overlays can be removed at the discretion of the overlays administration team. Except for exceptional circumstances, we'll only remove overlays for the following reasons:
- Project overlays will be removed if the project closes down.
- Developer overlays will be removed when its owner retires.
Exceptional circumstances may include:
- Complaints from other developers about the contents of an overlay causing problems for packages in the main tree.
- Complaints from other developers about the contents of an overlay creating a security risk to our users.
All exceptional circumstances will be discussed on gentoo-dev before action is taken.
Overlays are places where experimental changes can be made and tested. Please make sure you understand why things are the way they are in an overlay before you make a complaint about what's going on!
Restrictions On New Software
We're always willing to listen to requests for different software we could offer as part of the service. Please bear in mind that we need to keep the amount of software offered to a minimum, to reduce the workload on the overlays administration team.
Any new software added to the service will have to meet the following requirements *as a minimum*. Please don't ask for a piece of software unless you've checked and made sure it meets these requirements.
- There must be a working package for the software in Portage.
- The package must have an active maintainer.
- The package must have a "credible" security history. In particular, packages that need regular updating to fix security holes are likely to be rejected.
- If the package provides a bug-tracking system, it must be possible to disable the bug-tracking system.
The only access to overlays.g.o is via these two mechanisms:
- HTTP/HTTPS and Apache
- SSH to Gitosis for Git overlays
The security mechanism for overlays.g.o is via HTTP basic auth, over SSL. We use both htpasswd and htgroup files to manage who can commit where.
A package can have finer-grained control via its own security mechanisms (e.g. trac's permissions list), but the package must be compatible with these access and security restrictions.
Errors And Omissions
If you find a fault with this policy, please file a bug on bugs.g.o, and assign it to firstname.lastname@example.org.
All policy changes will first be posted to gentoo-dev for discussion.
We would like to thank the following authors and editors for their contributions to this guide:
- Stuart Herbert
- Markus Ullmann
- Robin H. Johnson