port-i386: Re: Confusing "current" versions of IPF (a.o.?)

Subject: Re: Confusing "current" versions of IPF (a.o.?)
To: John Franklin <franklin@elfie.org>
From: Frederick Bruckman <fb@enteract.com>
List: port-i386
Date: 05/23/2001 19:38:52
On Wed, 23 May 2001, John Franklin wrote:

> On Wed, May 23, 2001 at 06:13:54PM -0500, Frederick Bruckman wrote:
> > Overwriting the base system files is nasty, because it makes your
> > configuration really hard to reproduce after a system upgrade. (Been
> > there!)
>
> Well, why doesn't pkgsrc check for a config file, then?  It should be
> pretty trivial to patch the install to copy examples to something
> like /usr/share/examples/{progname} and/or install a default config
> file only if the config file doesn't already exist.

So what happens when sysinstall untars base.tgz? Or you do a "make
build" in /usr/src?

The issue is not that pkgsrc doesn't support overwriting the base
system files (which it doesn't), the issue is that the base build
doesn't respect alien files in the base system. That's what /usr/local
and /usr/pkg are for!

> This is, I think, what David is trying to get at, and something I'd
> like to see the pkg collection address as well: updating the existing
> system.  The NetBSD community prides itself in putting out the most
> stable, most portable software quite possible in the world.  We pay
> a price to do so: long delays between releases.  Typically, we've
> seen a patch release every six months, and a minor number bump
> every 18 months.  A lot can happen in that time.
>
> Since putting out 1.5, we've seen Security Alerts for ntp, ssh, bind,
> ftpd, and libkrb.  Why can't we install the security patches through
> pkgsrc?  I envision something like:
>
> foo# cd /usr/src/pkgsrc/SA
> foo# cvs update [-r netbsd-1-x]
> foo# make install
> foo# [restart affected services, if make install can't]

Uh, if you can use cvs, why aren't you tracking the release branch?
That -- the release branch -- is the carefully planned and integrated
NetBSD that we know and love. Did you read those SA's? Every one of
them explained that the latest fix's are in current and on the release
branches, and a few even described how to replace your system binaries
with pkgsrc versions, with appropriate caveats.

So when you see an SA that seems to apply to you, do this:

	cd /usr/src
	cvs update -r netbsd-1-5
	make build

We _could_ distribute weekly numbered patch kits, and we _could_
provide a java applet so that your browser could install them for you,
but we don't! "cvs" makes all that crap obsolete and inferior. Even
"sup" tracks the release as well as it tracks pkgsrc.


Frederick