Subject: Re: pkg/19479: pkgsrc waits until package is built to check for
To: John Franklin <franklin@elfie.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 12/20/2002 19:47:13
On Fri, 20 Dec 2002, John Franklin wrote:

> Updated binary packages aren't available on ftp.netbsd.org for 1.5.3,
> which means I have to build them myself.

Hopefully, the bad packages are removed. There are some build machines
that build packages almost daily. It would be good if the updated packages
built under 1.5.3 would be made available via ftp.

> The pkgsrc-current makefiles don't work with out some new .mk files or
> the -current make and possibly the rest of the toolchain.  I'm not sure
> which, and when I'm running a production system looking for updated
> packages to fix security holes, I'm not interested in debugging it.

You don't need -current's make and toolchain. But you do need the updated
pkgsrc/mk directory and the complete pkgsrc always should be updated as a
whole.

I definitely understand your situation. I wrote about some of these issues
at http://www.bsdtoday.com/2001/January/News377.html.

There should be updated packages for 1.5.3 on the ftp server.

There probably should be a stable branch for only security updates.

Maybe someone can volunteer to host a copy of the pkgsrc based on
netbsd-1-5-PATCH003, but integrate the few security fixes.

Then maybe someone can also provide the few updated packages.

(The new pkgviews may help, but I haven't used it yet.)

Also, using audit-packages during the build is a good idea too...

   Jeremy C. Reed
   http://bsd.reedmedia.net/

p.s. I already help with commercially providing binary updates for
NetBSD's base system.
http://www.pugetsoundtechnology.com/services/netbsd/updates/
Maybe we could start providing "stable" pkgsrc (for security issues only)
and packages made for any security issues.