Subject: Re: Binary package sets
To: Dr. Rene Hexel <firstname.lastname@example.org>
From: Manuel Bouyer <email@example.com>
Date: 04/24/2001 13:41:14
On Tue, Apr 24, 2001 at 01:25:03PM +0200, Dr. Rene Hexel wrote:
> Alistair Crooks wrote:
> > Our resources are not exactly overabundant at the moment. Adding
> > to the workload is, to me, infeasible.
> > I could be wrong, and it all manages itself, but somehow, I don't
> > think so.
> Let me add to this by emphasizing that (unlike the base tree of
> NetBSD-current) we have a policy of not replacing a stable release
> version in pkgsrc with an unstable beta version. If there is reason
> enough to import a `bleeding edge' version, usually an additional
> `<packagename>-current' package gets imported. Also, the package team
> doesn't usually control the original source code. Therefore, it would
> be a lot harder for us to track and pull up (to a set of release
> branches) any security or bug fixes (while leaving out feature updates)
> from newer package versions.
Yes, I agree. But the problem is that
1) with the current sheme it's almost impossible to have a set of binary
packages in a consistent state *and* with security updates
2) so whe have to go with pkgsrc to get a security fix. So update
pkgsrc/foo/bar. But this doesn't work because it wants an up-to-date
pkgsrc/mk, which wants a new pkgtool, etc...
This can be worked around (I do :), but the main problem here is that we can't
provide binary packages that can easily be updated for security, because
most of the time it requires updating a lot of dependancy.
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr