Subject: Re: binary packages with vulnerabilities removed from ftp - a bad idea?
To: None <tech-pkg@netbsd.org>
From: Frederick Bruckman <fredb@immanent.net>
List: tech-pkg
Date: 01/30/2005 16:56:11
In article <ctj3d4$mv0$1@sea.gmane.org>,
	fredb@immanent.net (Frederick Bruckman) writes:
> 
> We could have an "exceptions list" maintained the same way as the
> vulnerability list (commit and upload), and ideally at the same time.
> So, the robot would stat all the files in the directory, then merge
> that with the exceptions list.  If it doesn't find a @blddep in the
> resulting list, it could move the package to a "broken" directory
> in the same file system.  Now, the loving guardian has an opportunity
> to rescue the package(s) from the brink, by fixing the exceptions list
> and moving it (them) back.  The broken directory could be purged as
> replacements become available in the main directory (by another robot),
> or, from time to time by hand.

Even better... the exceptions file lists substitutes for the missing
@blddep, so when those finally disapper, the exception becomes moot.


Frederick