Subject: Re: Speeding up check-vulnerable
To: Hubert Feyrer <hubert@feyrer.de>
From: John Klos <john@ziaspace.com>
List: tech-pkg
Date: 02/26/2005 20:07:44
> First, I see no real gain in adding this to pkg_admin, as I think it's rather
> uncommon to run this interactively. Waiting 5-15 seconds in the daily output
> shouldn't hurt to add this to pkg_*. (I'm conservative about breaking up the
> "combine tools" approach).
If it were just an issue of the daily security check taking longer, then
it wouldn't matter much. Checking vulnerabilities is done at the beginning
of making every package. Even on a 400 MHz PowerPC 604ev, it takes around
25 seconds, and a 66 MHz m68060 takes 90 seconds. Ignoring that would be
ignoring the fact that NetBSD is pretty much the OS of choice for older
hardware.
On top of that, it's not stateful - if a make gets interrupted at any
point, resuming rechecks vulnerabilities, which doesn't make much sense to
me.
John