Subject: Re: binary packages with vulnerabilities removed from ftp - a bad idea?
To: None <tech-pkg@netbsd.org>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-pkg
Date: 01/30/2005 16:52:52
In article <Pine.GSO.4.61.0501301728430.20255@rfhpc8317>,
	Hubert Feyrer <hubert@feyrer.de> writes:
> On Sun, 30 Jan 2005, Frederick Bruckman wrote:
>> How could you know that the ABI of the @blddep library didn't change?
> 
> I can't.
> It may be useful to rebuild the first pkg, but in practice, bugfixes 
> are much more likely to pkgs, esp. from branches, than any major versions 
> that break interfaces.

That's not very reassuring.

We could have an "exceptions list" maintained the same way as the
vulnerability list (commit and upload), and ideally at the same time.
So, the robot would stat all the files in the directory, then merge
that with the exceptions list.  If it doesn't find a @blddep in the
resulting list, it could move the package to a "broken" directory
in the same file system.  Now, the loving guardian has an opportunity
to rescue the package(s) from the brink, by fixing the exceptions list
and moving it (them) back.  The broken directory could be purged as
replacements become available in the main directory (by another robot),
or, from time to time by hand.


Frederick
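The sweep sketched above, written out as a small script. This is an added illustration, not code from the thread or from pkgsrc's own tools. It assumes the @blddep lines are read from each package's +CONTENTS file inside the .tgz, that the exceptions list is a plain text file with one pkgname-version per line and '#' comments (a constructed format), and it goes one step beyond the single pass described: it repeats the sweep until nothing more moves, so a package whose build dependency was itself just quarantined lands in broken/ too. The packages it scans are constructed in a temporary directory by the script itself.

```python
import io
import tarfile
import tempfile
from pathlib import Path


def make_fake_package(pkgdir, pkgname, blddeps):
    """Constructed test data: a .tgz whose +CONTENTS carries @blddep lines,
    the way pkg_create records build dependencies. Not a real package."""
    contents = f"@name {pkgname}\n" + "".join(f"@blddep {d}\n" for d in blddeps)
    path = Path(pkgdir) / f"{pkgname}.tgz"
    data = contents.encode()
    with tarfile.open(path, "w:gz") as tar:
        info = tarfile.TarInfo("+CONTENTS")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return path


def read_blddeps(pkgpath):
    """Return the pkgname-version strings recorded as @blddep in +CONTENTS."""
    with tarfile.open(pkgpath, "r:gz") as tar:
        text = tar.extractfile("+CONTENTS").read().decode()
    return [line.split(None, 1)[1].strip()
            for line in text.splitlines() if line.startswith("@blddep ")]


def load_exceptions(text):
    """Exceptions list (assumed format): one pkgname-version per line, '#' comments.
    An entry means 'treat this build dependency as satisfied even if the file is gone',
    e.g. because the replacement in the directory is known to be ABI-compatible."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line)
    return names


def sweep(pkgdir, exceptions, broken_dirname="broken"):
    """The robot: list the packages present, merge with the exceptions list, and move
    every package with an unsatisfied @blddep into broken/. Repeats until a pass moves
    nothing, so packages depending on a just-quarantined package follow it."""
    pkgdir = Path(pkgdir)
    broken = pkgdir / broken_dirname
    broken.mkdir(exist_ok=True)
    moved = {}
    while True:
        present = sorted(pkgdir.glob("*.tgz"))
        # "stat all the files in the directory, then merge that with the exceptions list"
        available = {p.stem for p in present} | set(exceptions)
        moved_this_pass = 0
        for p in present:
            missing = [d for d in read_blddeps(p) if d not in available]
            if missing:
                p.rename(broken / p.name)   # same file system, so a plain rename
                moved[p.name] = missing
                moved_this_pass += 1
        if moved_this_pass == 0:
            return moved


def demo():
    """Build a constructed package directory and run one sweep over it."""
    with tempfile.TemporaryDirectory() as d:
        make_fake_package(d, "libfoo-1.0", [])
        make_fake_package(d, "bar-2.1", ["libfoo-1.0"])    # dependency present: stays
        make_fake_package(d, "baz-0.3", ["libfoo-0.9"])    # built against a removed version: broken
        make_fake_package(d, "qux-1.1", ["baz-0.3"])       # depends on baz: broken on the second pass
        make_fake_package(d, "old-4.2", ["libold-1.5"])    # dependency gone but excepted: stays
        exceptions = load_exceptions("# libold-1.6 in the directory is ABI-compatible\nlibold-1.5\n")
        moved = sweep(d, exceptions)
        remaining = sorted(p.name for p in Path(d).glob("*.tgz"))
        return moved, remaining


if __name__ == "__main__":
    moved, remaining = demo()
    for name, missing in sorted(moved.items()):
        print(f"{name} -> broken/ (missing @blddep: {', '.join(missing)})")
    print("kept:", ", ".join(remaining))
```

Rescuing a package is then exactly the manual step described: add the missing pkgname-version to the exceptions list and move the file back; the next sweep leaves it alone.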