Subject: Re: software status
To: Daniel Senderowicz <daniel@bicho.SynchroDS.COM>
From: None <mcmahill@mtl.mit.edu>
List: tech-pkg
Date: 10/24/2001 07:51:58
[moved to tech-pkg from port-pmax]

On Tue, 23 Oct 2001, Daniel Senderowicz wrote:

> Hi,
> 
> After succesfully installing 1.5.2 I ran into a very troubling
> situation with its software. It appears that many of the pre-compiled
> binaries in "packages/1.5/pmax" are missing, especially those that
> are dependencies of others already built. Furthermore, some of the
> default software part of the installation package, e.g.  groff,
> are very ancient versions (in groff case 1.10, 1996).

the missing ones most likely fall into one of the following categories:

- they have licenses which prohibit distribution of binaries (so the
  package builder had it compiled, but was not allowed to upload it)

- a security vulnerability was discovered and it was removed.

---------------------------

regarding groff, it is being updated.

> I understand that compiling all the software is a long and tedious
> task, for which there may not be enough personnel to do it. So
> perhaps we could organize a volunteering task force, in which
> subscribers to the list would compile a few packages, e.g. 1-5. Is
> that something possible?

I suspect that pkgsrc is at around 7 weeks to compile on my DECstation
5000/240.  This makes it hard to keep up.  Work is underway to become a
bit more organized about what pkgs end up on the ftp server though.

While users can certainly share binary pkgs, the policy is to only put
pkgs on the ftp server which were compiled by developers.  As a general
rule, its usually a bad idea to run binaries built by persons unknown
(possibility for security compromise) which is the reason for the policy.
In fact, packages will start being signed.

I know this doesn't help much with your current problem though.


-Dan