Re: Improving security for pkgsrc

[David Holland <dholland-pkgtech%netbsd.org@localhost>]

On Sun, Jul 26, 2015 at 01:07:22AM +0200, Pierre Pronchery wrote:
 > > Generally, we declare each variable to be user-settable in mk.conf
 > > or pkg-settable in Makefile, and never both.  See the FETCH_USING 
 > > flamage...
 > 
 > Good point; I do think here it really makes sense to support both
 > though, just like in NetBSD's base system.

NetBSD's base system does not support "both" in the sense of a
variable that's both user-settable and build-system-settable. That's
why base has both MKFOO and USE_FOO settings.

 > And even then, packages
 > could set "PKGSRC_USE_SSP?=yes" and then the global setting would take
 > precedence always if set explicitly.

Then you can't limit configuring it to yes to packages where it's been
tested and found to work.

 > b) My personal take on this is:
 > - - it finds bugs (which is a good thing)
 > - - breaking is fail-safe (likewise)

...it will likely break too many things to be anything other than an
explicit setting for the near to middle future.

-- 
David A. Holland
dholland%netbsd.org@localhost