Subject: Re: CVS commit: pkgsrc/security/sudo
To: Roland Illig <>
From: Quentin Garnier <>
List: tech-pkg
Date: 10/26/2005 22:17:20
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 26, 2005 at 09:52:06PM +0200, Roland Illig wrote:
> Quentin Garnier wrote:
> >On Fri, Oct 07, 2005 at 12:53:02PM +0000, Roland Illig wrote:
> >
> >>Module Name:	pkgsrc
> >>Committed By:	rillig
> >>Date:		Fri Oct  7 12:53:02 UTC 2005
> >>
> >>Modified Files:
> >>	pkgsrc/security/sudo: Makefile
> >>
> >>Log Message:
> >>Fixed a pkglint warning.
> >
> >
> >Shouldn't pkglint be fixed instead?
> I don't think so. I have added the warning with a specific purpose: To=20
> catch misspelled or superfluous instances where PKGREVISION is defined.

We've had "PKGREVISION=3D #empty" around for quite a while, and the code
where PKGREVISION is checked explicitely checks for emptiness.

> >(Note: this particular commit was annoying because besides fixing a
> >non-existent issue
> My change may not have fixed any bug per se. Nevertheless I felt a need=
> for this change because creating new packages is often done like taking=
> an existing Makefile and modifying it until it fits. That is, every=20
> current package is possibly used as an example how to create a working=20
> package. These examples (that is: every package) should not only work,=20
> but should also represent the way new packages are intended to look=20
> like. Specifically, I want the packages to "look good" and "feel good".=

For your definition of "look good".

> Just remember that NetBSD is said to be of high code quality.

Yes, and PKGREVISION=3D #empty is bad because ... ?  It explicitely states
the variable is left empty, so there is no chance it is a typo or

And I'd say people who look at the said code would rather replace "high"
with "better".  Just saying.

> > it broke consistency with the branch
> Maybe I haven't taken the "best time" to apply this patch. Had it been=20
> better applied shortly _before_ a branch instead of shortly _after_, to=
> minimize the probability of having to pull it up?

You don't pull-up cosmetic changes, hence it's better to have them
happen right before the branch.

> >which means it's not as easy to pull-up securtity-related changes.
> >Sudo has bad history, it's not a reason to make things harder.)
> I don't understand this "bad history". :(

Sudo has a bad security track.  Therefore PKGREVISION bumps that get
pulled-up happen way more often than for other packages.  Gratuitious
commits gets in the way, that's all.

At the end of the day, when you're tired and you want a security fix to
hit the users as quickly as possible, it's slightly annoying.  I'm not
saying I'll fight over this, of course not, but fixing stuff that works
do very little good (except for the eyes, alright).  Ask Perry ;)

Quentin Garnier - -
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.6 (NetBSD)