Subject: Re: Binary package sets
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: David Brownlee <abs@netbsd.org>
List: tech-pkg
Date: 04/24/2001 12:47:40
On Tue, 24 Apr 2001, Manuel Bouyer wrote:
> On Tue, Apr 24, 2001 at 01:25:03PM +0200, Dr. Rene Hexel wrote:
>
> Yes, I agree. But the problem is that
> 1) with the current sheme it's almost impossible to have a set of binary
> packages in a consistent state *and* with security updates
> 2) so whe have to go with pkgsrc to get a security fix. So update
> pkgsrc/foo/bar. But this doesn't work because it wants an up-to-date
> pkgsrc/mk, which wants a new pkgtool, etc...
>
> This can be worked around (I do :), but the main problem here is that we can't
> provide binary packages that can easily be updated for security, because
> most of the time it requires updating a lot of dependancy.
We should be able to provide a set of 'current' packages, updated
from a bulk build, all of which work together wrt DEPENDS.
Any 'security fix' package needed urgently should really be built
against packages from the currently uploaded set.
I agree a branched pkgsrc with security pullups would be a really
useful feature, but so is a current consistent set of binary
packages, and I think we should work on the latter first.
David/absolute -- www.netbsd.org: No hype required --