From nobody Wed Jan 11 20:44:58 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NsfnS0jXSz2r7B4; Wed, 11 Jan 2023 20:45:00 +0000 (UTC) (envelope-from dg@syrec.org) Received: from mail.syrec.org (mail.syrec.org [52.45.165.224]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4NsfnR5bB3z3jgF; Wed, 11 Jan 2023 20:44:59 +0000 (UTC) (envelope-from dg@syrec.org) Authentication-Results: mx1.freebsd.org; none Received: from [192.168.100.100] (38.200-55-228.etapanet.net [200.55.228.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.syrec.org (Postfix) with ESMTPSA id 958189D0D9; Wed, 11 Jan 2023 15:44:58 -0500 (-05) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=syrec.org; s=default; t=1673469899; bh=zjR/WmG1Y+VDTDAMxDfgj4TUWMm4wTTryYSmKzbGl7Q=; h=Date:From:Subject:To:Cc:References:In-Reply-To:From; b=nmYu2Qbd9991dunA6mq/OzguzeePpqgQ9HP7K4TAIC8ht6sFnBoFAHfPxxLq6ftMk +5ZyrU6+2m1bu7Ng6DO/G50KTkvsMkyUApf30c2zv7CpM29cY0S9rBCpC9Mc7ZgM7U 3OlB3D5yx2LdfYsm/wC+NKGl1K33agVLL3ci3aaE= Message-ID: <7bed3cdc-a3f2-a768-e6ab-355b524f9ea2@syrec.org> Date: Wed, 11 Jan 2023 15:44:58 -0500 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 From: Dmitri Goutnik Subject: Re: git: cf25897f304e - main - lang/go119: Update to 1.19.5 To: Emmanuel Vadot , Adam Weinberger Cc: Dmitri Goutnik , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org References: <202301111401.30BE1eAN069454@gitrepo.freebsd.org> <8a2d2724-75f5-ec2a-41af-5b353acb3aa0@syrec.org> <20230111191326.226f0b0346f61136055e62fa@bidouilliste.com> Content-Language: en-US In-Reply-To: <20230111191326.226f0b0346f61136055e62fa@bidouilliste.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4NsfnR5bB3z3jgF X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:14618, ipnet:52.44.0.0/15, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On 11/01/2023 13:13, Emmanuel Vadot wrote: > On Wed, 11 Jan 2023 10:58:14 -0700 > Adam Weinberger wrote: > >> Ahh okay, I wondered what the calculus on that was! >> >> It seems a little odd to me to only bump for security changes. Given that >> all go binaries are statically linked from the go stdlib, upgrading go >> alone does nothing for the entirety of go ports. > It does not do nothing, in fact it does a really bad thing which is > that we now have different package result for all go ports that what is > currently in the package repo (official or not). > Also since the builder always bulk -c (I think) this means that if a > user install whatever go package today and another user install the same > package after the next build they will have different package. And if > this go update actually fixes a bug that is present in this package it > means that the first user will have the bug and not the second one, so > it causes headache for PR. I will bump revisions, but the same problem exists with Rust, Crystal and anything else that builds statically linked executables. My perception of this issue is less dramatic, but if it seems super important then perhaps revision bumps shouldn't be left to committers and pkg and/or poudriere could record the Go version that packages were built with and do rebuilds automatically as needed. It seems that only FreeBSD does these massive revision bumps, neither Arch, Debian or OpenBSD are doing that (I don't know whether their packaging infrastructure handles rebuilds automatically or they just don't see the need). Also, there's a whole another can of worms that is quarterly, where these revision bump commits are practically unmergeable. >> Does the benefit of fewer upgrades offset the value lost by go upgrades >> that don't make it to go-based ports? >> >> # Adam >> >> >> On Wed, Jan 11, 2023 at 9:47 AM Dmitri Goutnik wrote: >> >>> Hi Adam, >>> >>> No, the release notes do not mention any security fixes so this is just a >>> bugfix release. >>> On 11/01/2023 10:56, Adam Weinberger wrote: >>> >>> On Wed, Jan 11, 2023 at 7:01 AM Dmitri Goutnik wrote: >>> >>>> The branch main has been updated by dmgk: >>>> >>>> URL: >>>> https://cgit.FreeBSD.org/ports/commit/?id=cf25897f304ef0251fdc238c9d13ea3b1b6dad16 >>>> >>>> commit cf25897f304ef0251fdc238c9d13ea3b1b6dad16 >>>> Author: Dmitri Goutnik >>>> AuthorDate: 2023-01-11 13:58:47 +0000 >>>> Commit: Dmitri Goutnik >>>> CommitDate: 2023-01-11 14:01:05 +0000 >>>> >>>> lang/go119: Update to 1.19.5 >>>> >>>> Changes:https://go.dev/doc/devel/release#go1.19.5 >>>> >>> Hi Dmitri, >>> >>> Are you intending to bump go ports after this update? >>> >>> # Adam >>> >>> >>> -- >>> Adam Weinberger >>> adamw@adamw.org >>> https://www.adamw.org >>> >>> >> -- >> Adam Weinberger >> adamw@adamw.org >> https://www.adamw.org