nia <nia%NetBSD.org@localhost> writes: > On Fri, Jun 10, 2022 at 08:07:47AM -0400, Greg Troxel wrote: >> pkgsrc policy so far has been to respect the base system choice of >> whether to pre-configure trust anchors or not. That means not changing >> things in /etc, and it also means that when pkgsrc installs openssl that >> there aren't configured trust anchors from pkgsrc. > > I (and some others) would like it so that no more packages can be > added that fiddle with stuff outside the pkgsrc prefix and VARBASE > without explicit community discussion. I see; that's a fair point. > Certainly these packages should not be used on non-NetBSD platforms > and they should be tightly restricted with ONLY_FOR_PLATFORM and > probably some other checks about what exactly they might be > installing to, or overwriting. I wouldn't say "NetBSD only" (how do people deal with trust anchors on IRIX?) but agreed that they should be careful enough not to do wrong things on other platforms. I am trying to separate: - A) package touches things outside of PREFIX so it needs review for doing so in a sane way, probably meeting standards of disclosures, and no other package is allowed to depend on it. As part of this we might require packages like this to be split into the one that munges outside, and one that just installs within prefix. - B) we have one and people don't like the other one To me the second point doesn't fit with pkgsrc, where users having choices is normal. And that means "we can't add Y via A because for this purpose X is ok" doesn't seem reasonable.
Description: PGP signature