On Mon, Feb 07, 2005 at 10:44:01PM +0000, Alistair Crooks wrote:
> On Sat, Feb 05, 2005 at 01:36:36PM -0600, Eric Haszlakiewicz wrote:
> > 
> > 	I've been getting a bit annoyed that I need to keep creating a
> > /usr/pkgsrc/distfiles directory on machine without pkgsrc just to provide
> > a location for download-vulnerability-list to put it's list.  I know
> > I can change that by setting PKGVULNDIR, but it seems like a poor default.
> > 
> > 	How about if we change that to /var/db or /var/tmp?
> > (or even ${PREFIX}/var/db, if there's an easy way for a script to know
> >  where it happens to get installed into)
> 
> Please don't change it from ${PKGVULNDIR}.  The DISTFILES directory
> was chosen for a purpose, and you can modify it with PKGVULNDIR, as
> you say. Far from it being a "poor default", there isn't really a
> better one.

	So why was $DISTDIR used as the default?  As far as I know, nothing
else places runtime files in a source directory.  Even outside of pkgsrc
that rule is followed.  e.g. /usr/src isn't used by the base system to hold
config/generated files.  If there isn't a better location we should define
one, and include it as part of the package so installing the package
ensures that the directory exists.
	
> /var/tmp is not meant for things like that, and we have been
> overloading /var/db for too long for it to be viewed as a viable
> alternative.
	From hier(7):
/var/
	db/	miscellaneous automatically generated system-spe-
		cific database files, and persistent files used in
		the maintenance of third party software.

Isn't that _exactly_ what pkg-vulnerabilities is?  

eric