On Sat, 5 Feb 2005, Kimmo Suominen wrote:

> Eric Haszlakiewicz <erh@jodi.nimenees.com> writes:
>
> | 	I've been getting a bit annoyed that I need to keep creating a
> | /usr/pkgsrc/distfiles directory on machine without pkgsrc just to provide
> | a location for download-vulnerability-list to put it's list.  I know
> | I can change that by setting PKGVULNDIR, but it seems like a poor default.

I agree it could have a better setting for binary packages.

> I like ${DISTDIR} as the default.  I also set ${DISTDIR} in /etc/mk.conf
> to a value that is reachable on all machines via amd mounts.  In my case,
> this is what I use:
>
>     DISTDIR=/pub/distfiles
>
> As an additional benefit I only need to run down-vulnerability-list on
> one machine (I chose the one that has the physical disk).

I also share a distfiles directory for a few machines, but the original
poster said "on machine without pkgsrc" and I also have some machines with
out any pkgsrc builds.

> | 	How about if we change that to /var/db or /var/tmp?
> | (or even ${PREFIX}/var/db, if there's an easy way for a script to know
> |  where it happens to get installed into)
>
> I like all of these much less as a default.  Both /var/db and /var/tmp
> are local to each machine, and ${PREFIX}/var sounds like a really bad
> idea altogether in environments where ${PREFIX} is a shared disk, or is
> maintained by synchronizing its contents.

/var/tmp/ is especially unsafe since we don't have checks for safe temp
files.

I think under VARBASE is a good idea. amavisd-new, cyrus-sasl2, dirmngr,
heimdal, libnasl, mit-krb5, nessus-*, pks, and others use VARBASE.
Although many of those are wrong in my opinion because they use top level
of VARBASE instead of working in some VARBASE/db or VARBASE/cache or
other.

Maybe ${VARBASE}/db/pkg-vulnerabilities would be best?

 Jeremy C. Reed

 	  	 	 technical support & remote administration
	  	 	 http://www.pugetsoundtechnology.com/