FYI: new port security/portaudit-db
Jon Passki
cykyc at yahoo.com
Sun Jun 13 13:45:36 GMT 2004
--- Oliver Eikemeier <eikemeier at fillmore-labs.com> wrote:
> Dear porters and port users,
<snip about new port>
> I take this announcement as an opportunity to make a plea to all
> port
> maintainers:
>
> * please stick with *one* PKGNAMESUFFIX (possibly using a
> combined one
> like -sasl-client)
>
> * please *do not* change the structure of the packages version
> number
> according to included components.
>
> Lets take for example port `myport' with has optional components
> c1 and
> c2. This *should not*
> result in the following package names:
>
> port-v
> port-suf1-v+v1
> port-suf2-v+v2
> port-suf1-suf2-v+v1+v2
>
> because I need 2^(number of components) entries to catch all
> possible
> combinations, for example the
> recent vulnerability in www/apache13-modssl would need 32 entries
> in the
> vulnerability database,
> which seems a little high. A net effect is that many combinations
> are
> not recognized, and users remain
> unprotected even though they assume the opposite. If you need to
> record
> the included components, please
> do this in the pkg-message, which is displayed with pkg_info -D.
>
> Again:
>
> * a port should *not* change its version numbering based on
> included
> components
>
> * restrain yourself to *one* suffix in the package name (and use
> a dash
> to seperate it from the main ports name)
No bikeshed here, just pointing out that if you go this route then
change the porters-handbook. Chapter 5.2.4 allows what you wish to
avoid.
Jon
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
More information about the freebsd-ports
mailing list