The ports move

Samy Al Bahra samy at kerneled.org
Fri Jul 15 17:05:58 GMT 2005 

On Fri, 2005-07-15 at 13:25 +0200, Pawel Jakub Dawidek wrote:
> While I fully understand that it is a good idea to allow for 3rd party
> policies in ports, I don't really see the need for moving current
> policies that had been in the base for years(?) now to ports.

Consider that with moving these policies out of base, we can maintain
these "official" policies into a seperate repository that will allow us
finer-grained access control as to who can contribute to what (opening
us up to a larger pool of contributors). For example, consider the
efficiency with the trivial portacl prison patch (it's still not in). :)
This also opens us to some possibilities with regards to packaging
(which will not be supported by default). Note that it is a rule of
thumb with regards to ports that in order for a new virtual category to
be created and new infrastructural changes to be merged in, at-least 7
ports must be members of the category.

> Shouldn't we leave them alone and put all new policies into ports?
> And after some time and testing we can move most popular policies
> to the base.

At the end of day, more and more policies will be added to base,
requiring more and more administration cruft. For popular policies, we
can include a distribution set as part of FreeBSD releases. What is the
advantage of moving these policies into base? What are the advantages of
moving these policies to ports?

> Another thing I want to note is that mac_seeotheruids policy is an
> example. There is simlar functionality without MAC and I don't
> really see the need for removing example policies.

I agree. The port will be removed (rwatson also noted that example
policies of no production use should stay in base, but requested for a
port for this policy be created anyways).

I am assuming people are fine so far with regards to the versioning
scheme?

-- 
Samy Al Bahra <samy at kerneled.org>
Kerneled.org

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list