Subject: Re: pkg-vulnverabilities location
To: Alistair Crooks <agc@pkgsrc.org>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: tech-pkg
Date: 02/07/2005 21:20:53
On Mon, Feb 07, 2005 at 10:44:01PM +0000, Alistair Crooks wrote:
> On Sat, Feb 05, 2005 at 01:36:36PM -0600, Eric Haszlakiewicz wrote:
> >
> > I've been getting a bit annoyed that I need to keep creating a
> > /usr/pkgsrc/distfiles directory on machine without pkgsrc just to provide
> > a location for download-vulnerability-list to put it's list. I know
> > I can change that by setting PKGVULNDIR, but it seems like a poor default.
> >
> > How about if we change that to /var/db or /var/tmp?
> > (or even ${PREFIX}/var/db, if there's an easy way for a script to know
> > where it happens to get installed into)
>
> Please don't change it from ${PKGVULNDIR}. The DISTFILES directory
> was chosen for a purpose, and you can modify it with PKGVULNDIR, as
> you say. Far from it being a "poor default", there isn't really a
> better one.
So why was $DISTDIR used as the default? As far as I know, nothing
else places runtime files in a source directory. Even outside of pkgsrc
that rule is followed. e.g. /usr/src isn't used by the base system to hold
config/generated files. If there isn't a better location we should define
one, and include it as part of the package so installing the package
ensures that the directory exists.
> /var/tmp is not meant for things like that, and we have been
> overloading /var/db for too long for it to be viewed as a viable
> alternative.
From hier(7):
/var/
db/ miscellaneous automatically generated system-spe-
cific database files, and persistent files used in
the maintenance of third party software.
Isn't that _exactly_ what pkg-vulnerabilities is?
eric