Re: a few pre-install feasability questions

["Jeremy C. Reed" <reed%reedmedia.net@localhost>]

Welcome Doug

> Question 1:  On a dual P-II-450, will an hour be enough build time to
> keep the system up-to-date?  I'm assuming that the build process doesn't
> have any way of pause and resume.

It depends, but I'd say you should plan on using binary updates and not 
build from source to save time. We don't officially have binary updates, 
but there are a few systems available -- so we need to just encourage 
someone to start providing binaries for security updates. As for minor 
revisions or other upgrades, you can just upgrade using the binary tar 
sets.

> For third-party apps, I understand that I can either go with
> pre-compiled packages or build from source with pkg-src.  Outside of the
> base system, the third-party app I'm most concerned about keeping
> up-to-date (both because of its potential vulnerability and the large
> size of it) is Firefox; if I can keep Firefox up-to-date, I should be
> able to keep everything else up-to-date.  

pkgsrc will probably be too slow for you also. So use the binary packages 
provided by NetBSD.

> Debian did things in a unique way with Firefox.  Their policy is that
> new versions of software aren't put into Stable.  Firefox's security
> policy is that security fixes go into new versions. Therefore, Debian
> back-ported the security fixes in to the old version and distributed a
> fresh binary as a security update.  (Mozilla required that Debian then
> not call it Firefox, so Debian calls it Iceweasel).  

pkgsrc also has similar policies, but often it depends on the maintainer 
and the amount of work involved.

> I'm assuming that when a vulnerability is found in Firefox,
> audit-packages will alert me to the fact, then Mozilla will issue a new
> version of Firefox, then it will appear in pkg-src (current).  

Yes. Also if there is a security vulnerability, then the "stable" version 
of pkgsrc should get it too. If it doesn't get it in a reasonable amount 
of time, please ask about it. If a binary package isn't created for the 
updated stable version, also please ask for it.

> Question 2:  To keep Firefox (and other third-party apps) up-to-date,
> will I be needing to recompile from source or just wait for a new binary
> version?  

Just wait for the binary package. If it is not provided quickly, please 
ask about it.

> Question 2a: If I have to recompile Firefox, how long will it take?

65 minutes to build on my 800Mhz system using pkgsrc. That doesn't include 
any dependencies. With dependencies, on your system it may take a few 
hours.

> Question 3:  How often does a base security fix require rebuilding a
> large chunck of the system and how often does it require rebuilding the
> third-party apps as well.  How long does that take?

Very rare to have to rebuild third-party applications due to change in 
base. I don't know how often requires rebuild of large chunk of base. 
Can't easily estimate how much time. (I do have some of my details from 
my old 30 or so 1.4 and 1.5 binary updates, but I am not looking ...)

  Jeremy C. Reed

echo 'EhZ[h ^jjf0%%h[[Zc[Z_W$d[j%Xeeai%ZW[ced#]dk#f[d]k_d%' | \
  tr            '#-~'            '\-.-{'