Subject: Re: pkgsrc-stable branch stories?
To: Steven M. Bellovin <>
From: Quentin Garnier <>
List: pkgsrc-users
Date: 04/18/2006 17:07:41
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 17, 2006 at 11:47:56AM -0400, Steven M. Bellovin wrote:
> On Mon, 17 Apr 2006 11:18:14 -0400, Johnny Lam <> wrote:
> > I'm curious as to how many people are using the pkgsrc "stable" branche=
> > (pkgsrc-YYYYQQ).  The pkgsrc developers spend quite a bit of time=20
> > creating and maintaining these branches, and I want to get a feel for=
> > whether this is time well-spent.
> >=20
> > I personally use the stable branch on production servers.  I find it=20
> > avoids the chaos of keeping up with rapidly changing PKGREVISIONs that=
> > happen on pkgsrc HEAD at times.  I keep a sandbox handy for rebuilding=
> > packages when there is a security update on the stable branch, and I=20
> > update all of my software to the newest stable branch every quarter.
> >=20
> > Is anyone else using the pkgsrc stable branch?  If so, how do you use i=
> I'll tell you something you don't want to hear -- I tried it, but I gave
> up.  The problem is that security patches weren't pulled up quickly enough
> to the branches.  On stable machines, those are my primary reason for
> recompiling.

Fixing the PHP packages last week took me an insane amount of time;  I'm
glad that I can stretch my job description enough to consider it part of
my admin job, but I still have better things to do.  I committed the
patches on Friday, and just did the pull-up request, after proper test
that everything applied cleanly and compiled fine on the branch.

During that time, *anybody* (well, policy probably requires that the
requests come from developers, but that still include a lot of people)
could have done the same checks and request the pull-up.  I personally
don't use the stable branch, mostly because I haven't had the time to
prepare my setup in that respect.

Quentin Garnier - -
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.6 (NetBSD)