Subject: Re: Binary package sets
To: Dr. Rene Hexel <>
From: Manuel Bouyer <>
List: tech-pkg
Date: 04/24/2001 13:41:14
On Tue, Apr 24, 2001 at 01:25:03PM +0200, Dr. Rene Hexel wrote:
> Alistair Crooks wrote:
> > Our resources are not exactly overabundant at the moment. Adding
> > to the workload is, to me, infeasible.
> > 
> > I could be wrong, and it all manages itself, but somehow, I don't
> > think so.
>   Let me add to this by emphasizing that (unlike the base tree of
> NetBSD-current) we have a policy of not replacing a stable release
> version in pkgsrc with an unstable beta version.  If there is reason
> enough to import a `bleeding edge' version, usually an additional
> `<packagename>-current' package gets imported.  Also, the package team
> doesn't usually control the original source code.  Therefore, it would
> be a lot harder for us to track and pull up (to a set of release
> branches) any security or bug fixes (while leaving out feature updates)
> from newer package versions.

Yes, I agree. But the problem is that
1) with the current sheme it's almost impossible to have a set of binary
   packages in a consistent state *and* with security updates
2) so whe have to go with pkgsrc to get a security fix. So update
  pkgsrc/foo/bar. But this doesn't work because it wants an up-to-date
  pkgsrc/mk, which wants a new pkgtool, etc...

This can be worked around (I do :), but the main problem here is that we can't
provide binary packages that can easily be updated for security, because
most of the time it requires updating a lot of dependancy.

Manuel Bouyer, LIP6, Universite Paris VI.