tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg_install in base system again

On Sun, Nov 06, 2011 at 08:56:18PM +0100, Alistair Crooks wrote:
> On Sun, Nov 06, 2011 at 08:47:24PM +0100, Joerg Sonnenberger wrote:
> > The fact remains that keeping it in base has proven time and time again
> > to create *more* issues for NetBSD users.
> For it to be a fact, I think you have to be able to prove it. Proving
> something which isn't true is a tad difficult. Possibly we can cons something
> up with a zero division, but there's maybe someone who would notice that.

Just look at
    if test `${PKG_ADMIN} -V` -lt 20090528; then \
        echo outdated; \
    else \

We need(ed) this code because we couldn't just assume the pkg tools
are new enough, because NetBSD includes them. If they were installed
from pkgsrc by default, the infrastructure could have just depended on
a new enough pkg_install package instead.

And you must know that this is only one, not the only one, example.

> I'm not convinced that pkg_setup is the right way to go. I have a number
> of versions of NetBSD-current sitting around. Who will provide the binary
> package for those (always assuming that we've been convinced that it's
> the right thing to do?).

The same person or bulk build who will provide the binary packages.
Or the person compiling them from source, if they will be compiled from source.

> What do we do about machines that aren't always
> connected to a good gateway.

Well, they'll have to ask themselves how they'll install any packages at all 
then anyway.

> In lieu of signatures actually being used on
> binary packages, where does the trust come from for this binary package?

The process could be easily extended to download an external signature
file and check that.

> What machine was it built on? What compiler was it built with?

The same as the whole repository you're using for all the binary

Home | Main Index | Thread Index | Old Index