Manuel Bouyer wrote:

> Yes, I agree. But the problem is that
> 1) with the current sheme it's almost impossible to have a set of binary
>    packages in a consistent state *and* with security updates
> 2) so whe have to go with pkgsrc to get a security fix. So update
>   pkgsrc/foo/bar. But this doesn't work because it wants an up-to-date
>   pkgsrc/mk, which wants a new pkgtool, etc...
> 
> This can be worked around (I do :), but the main problem here is that we can't
> provide binary packages that can easily be updated for security, because
> most of the time it requires updating a lot of dependancy.

  You are right, of course.  The question here is: wouldn't it be better
to use our resources (both in manpower and computing power) to set up a
bunch of computers (that we would need for a -release branch as well)
for bulk-building a consistent set of binary packages that we make
available via ftp.  This would avoid most of the problems we currently
have with regard to consistent binary packages.

  In addition, we would need some way of automatically upgrading
installed binary packages.  Some work has been done here already, but
some 'pkgupdate' utility that does all the right things would be nice.

  Cheers
      ,
   Rene