Re: Default to fetching from CDN first?

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Sun, Sep 08, 2019 at 06:45:47PM +0100, Ottavio Caruso wrote:
> On Sun, 8 Sep 2019 at 17:49, Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> >
> > Setting mk.conf like this:
> >
> > MASTER_SITE_OVERRIDE=http://cdn.netbsd.org/pub/pkgsrc/distfiles/
> >
> > Radically speeds up package builds for me.  Note that fall back to the
> > upstream listed in the package Makefile if the CDN doesn't have it still
> > seems to work fine.
> >
> > Is there some reason we shouldn't set this as a default?
> 
> Yes, it might speed up fetch time, but I don't see why it should be
> set as default for everybody.

Uh, because fetches being very fast instead of, typically, 1980s-slow,
is a more appropriate default than something that might work better for
package developers, who could be reasonably expected to run non-default
configs?

> It might give a false sense of security, especially if the original
> source were to be removed from the master site because (and the
> example given is not exhaustive) serious bugs or exploits had been
> found, or because the project is simply not there anymore.

Isn't this supposed to be dealt with at a different layer, to wit, in
the Makefiles or in the vunerabilities file?

> For the same reason, I'm not comfortable with MASTER_SITE_BACKUP defaulting to:
> 
> $ bmake show-var VARNAME=MASTER_SITE_BACKUP
> http://cdn.NetBSD.org/pub/pkgsrc/distfiles/
> http://ftp6.NetBSD.org/pub/pkgsrc/distfiles/
> http://ftp.fr.NetBSD.org/pub/pkgsrc/distfiles/
> http://ftp.NetBSD.org/pub/pkgsrc/distfiles/
> 
> This might well please the end user who wants, like you said, faster
> fetch time, but is misleading for someone who wants to debug a
> package, for the reasons explained above.

In a shipping system, defaults should be chosen for the convenience of
end users, not developers.  Isn't that a pretty widely held opinion?

Thor