Re: List of deletion candidates

[Havard Eidnes <he%NetBSD.org@localhost>]

To follow a bit up on this tangent:

> This, I believe, has been discussed before - how useful for the pkgsrc
> developers and users is having there packages that can be installed
> with a simple 'cargo install blah-blah' or pip3 or pnpm - if there are
> no patches required?

Even though I know next to nothing about pip3 or pnpm, I can
think of a few reasons:

 * "cargo install blah-blah" tends to be "do once and forget
   about the maintenance".

 * Does pip3 or pnpm duplicate some of the functionality of
   pkgsrc, such as dependency tracking?  Do they have operations
   corresponding to "pkgin fug"?  I suspect they are covering
   parts of what pkgsrc is or does, but not all.  And for a
   partial coverage, the admin now has to relate to multiple
   packaging systems, which increases admin complexity.

 * Packages installed outside of pkgsrc do not get the benefit of
   audit-packages, so discovering packages which are installed and
   which are flagged will be more difficult.  (I'm not saying our
   maintenance of pkg-vulnerabilities is perfect, far from it, but
   it is what we have...)

With leaf packages in pkgsrc, a user can do "pkgin fug", and get
package upgrades (including security fixes, of course) with little
administrative effort, and that at least someone else has looked the
package over briefly, and you get proper dependency tracking.

My suspcion is that with these other installation methods, there's a
fair chance you'll miss out on several of these.

Regards,

- Håvard