pkgsrc-Users archive


Re: Binary packages track stable branch?

* On 2014-03-19 at 16:45 GMT, J. Lewis Muir wrote:

> On 3/19/14, 4:42 AM, Jonathan Perkin wrote:
> > * On 2014-03-19 at 04:17 GMT, Matthew Raspberry wrote:
> >
> >> Forgive me if I'm asking a dumb question but I want
> >> to confirm this before going any further. Why are the
> >> checksums for pub/pkgsrc/pkgsrc-2013Q4/pkgsrc.tar.xz and
> >> pub/pkgsrc/pkgsrc-2013Q4/pkgsrc-2013Q4.tar.xz different? I've done
> >> some comparisons of the files in each archive and I'm guessing the
> >> reason is that the pkgsrc-2013Q4.tar.xz contains the snapshot as
> >> it was at the time of release and pkgsrc.tar.xz is the snapshot at
> >> the time of release with security and/or stability patches. Is that
> >> correct?
> >
> > Yes.
>
> On a related note, do the binary packages track the stable branch?
> In other words, are the binary packages updated to track the stable
> branch corresponding to the above pkgsrc.tar.xz, or are they left alone
> corresponding to the above pkgsrc-2013Q4.tar.xz?
> Is this the case for all platforms, or does it vary?

It varies depending on who does the builds.

> For example, what about the Mac OS X binary packages provided by
> Joyent?  Are those built for the quarterly release and then left
> alone, or are they updated to address security or stability fixes so
> that they actually track the stable branch?  As a specific example,
> say a remotely exploitable vulnerability was discovered in
> security/openssh; would its binary package get updated?

That specific package set is built on a couple of Mac Minis in my
loft, which don't really have the capacity to track the branch as well
as performing regular trunk builds.

However, we may soon have a larger infrastructure of OSX machines on
which to do bulk builds and so will then be able to keep branch builds
up-to-date as well as providing native Mavericks packages.

For our SmartOS/illumos packages we have plenty of resources, so those
branches are regularly updated.  In some cases we will perform pullups
ourselves further back than the current supported branch, as we still
have lots of customers on older branches.

Jonathan Perkin  -  Joyent, Inc.  -
