new package system proposal
cwhiteh at onetel.com
Fri Apr 10 07:25:20 PDT 2009
Bob Johnson wrote:
> On 4/8/09, Jonathan McKeown <j.mckeown at ru.ac.za> wrote:
>> On Tuesday 07 April 2009 23:35:03 Bob Johnson wrote:
>>> On 4/4/09, Chris Whitehouse <cwhiteh at onetel.com> wrote:
>> The drawback I can see is the disk space required to keep several
>> of packages online - if the package-port bundle is rebuilt every three
>> let's say, and you want to keep 6 months' worth of packages online, you need
>> to keep 9 complete versions available.
Is there a quick way to find out how big are the tarballs without
downloading them all or adding them up one by one?
My distfiles directory is 1.2gb. I guess you could allow 5gb for each
cycle, that's only 45gb for 6 months. If that is realistic a 500gb hard
disk would store 5 years worth. Would anyone want a five year old package?
> I think a bigger drawback is the security issue. As soon as any
> package in the collection has a significant announced security flaw,
> you are faced with the choice of withdrawing the entire collection,
> withdrawing only that package, or leaving the flawed package out there
> for people to use because it is more convenient for them.
Yes this might be an issue> How often are there serious security issues
with desktop type ports?
> PC-BSD seems to already keep up-to-date binary packages of their
> applications. Do they accomplish that by only offering a small subset
> of the full ports collection?
A big difference with PBI's is that each PBI is self contained "with all
the files and libraries necessary for the installed program to function"
(quote from the website). Upside is that it is very easy to install and
avoids dependency problems. Downside is that it requires more bandwidth
to download and more disk space.
I did wonder if it would make sense to just use the PBI system. The
number of packages depends to some extent on individuals volunteering to
make and maintain them - true FreeBSD style.
More information about the freebsd-questions