On Thu, 18 Sep 2003, William Allen Simpson wrote:

> "Perry E. Metzger" wrote:
> > pkgsrc is very much a separate world from the base NetBSD code. It has
> > a different build system designed for dealing with third party
> > packages and somewhat different goals (given its multiplatform
> > nature).

> I suggest ssh be the "poster child".  That is, get the package version
> up to snuff, remove it from the base install, and figure out what needs
> to be done to make more of the game, misc, text, et alia, installs done
> by a single convenient and efficient distribution system.

That's exactly backwards. OpenSSH is one of the few new programs
that's been admitted to the base system since NetBSD was born. If
anything, we should be getting rid of the "openssl" and "openssh"
packages.

As far as timely maintenance in the face of a known security issue
goes, the package system pales in comparison to the base. From the
maintainer's point of view, in the base system, you just commit the
tiny fix to the code, while for pkgsrc, you have to deal with automake
or even crazier build systems, generate patches and PLISTS, and so on.
From the user's POV, the base system requires only a cvs update, build
and install, while for pkgsrc, you have to do the cvs update, update
your tools before the build, and update dependencies after.

Frederick