From nobody Sat Aug 20 18:10:34 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4M969k6L8Gz4Zt8c for ; Sat, 20 Aug 2022 18:10:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4M969k4dLWz3gC2 for ; Sat, 20 Aug 2022 18:10:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4M969k3jKrzgwt for ; Sat, 20 Aug 2022 18:10:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 27KIAY0B038572 for ; Sat, 20 Aug 2022 18:10:34 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 27KIAY9h038571 for ports-bugs@FreeBSD.org; Sat, 20 Aug 2022 18:10:34 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265651] [NEW PORT] archivers/zpaqfranz: versioned/snapshot archive Date: Sat, 20 Aug 2022 18:10:34 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: franco@francocorbelli.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1661019034; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SQSzlKnhXkYJu5ft22DdG9v/kgnnwwj+SFtDo9EiYA8=; b=Md/3j5eMaPCftYn4/g2vFgIFJ07xbHTGsRNiUlYvN7KX9zeerBb1HZn0ROSwK5YjJlB3wu GlZsJ1uzWtJ3XclBBUxBoyEMxux6V4LANPENug22uAbNY9shIAMrUhl1pp1T/Zr91E3eTp aAAOSCYzzt+58nqs9t55zI2Zw6Gs7mtkw83Cqms6fC7FlgqCgmTolpwOWLld6vSzQeQYZX BDQwqWA1a6wL17X3q/1Z/+2uJr8+Q3CcXZ8nOJg81Zi1t28z6DBAqE5+O5QaeX3i1IK4yZ FyUHrQcnxtyzAgMYQTmVGm8GvAXgu15bujZkT5pqVArKikcVoBAcWHpzc9ohXQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1661019034; a=rsa-sha256; cv=none; b=wrP0aM+X7T4GIqNd6TT/ueezLse6IXqVHyiNr4s+jKTQDkHOHmCHn9joB3DBRUNJNWGRP1 PmWOFKFecdf0pokleKVorpQc90LRXkZHsWvKoELpq/dmeW0C+PT4wUQAreNzB81MSEQ7NE aNgckQsEsCCEG4DjZxl5lFUJ3Vm2CR1ALAKtAI/ODZEKB+QJdk6NJBSYIUUuspCj/55Kdc YYmpj314KKP9eAMCOJLLm3aQjXr9KO0jmOn1UrbR7X9KvbX+dkHyL+5PJvG/P3RFjMwjLu /+0hWGLVySKOXvTpO2zp3I77t0u7cMZ7FfsOPMB67MSj/h2DLSYIzl9ouwlzwg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265651 --- Comment #22 from Franco Corbelli --- (In reply to Felix Palmen from comment #21) >It's not forbidden, but it's typically removed if there is no unavoidable= =20 >reason.=20 >Remember, we're talking about managed packages here. No way required libs = will=20 >just disappear (except for a user going rogue as root, but that's not real= ly a=20 >concern).=20 In reality, they always "disappear" (better: some dependency of some program automatically uninstalls another program, which in turn had a specific vers= ion etc) Classic example: sphinx, mysqlclient and mariadb But I wouldn't want to go too far, let's go back to zpaqfranz: I do not thi= nk it is not the best choice, but if dynamic linking is good for you, is good = for me too >- you can't control whether security fixes are really applied Security fix for an archiver? And what kind can they be? In reality, any malicious injection into a shared library affects "everyone= ", even zpaqfranz, which does not need it at all Similarly for bugs introduced (it often happens) My philosophy is: as long as it works, leave it alone. Do not even touch. Maybe it's different on "newer" FreeBSD As always, there are costs and benefits in every choice. >you lose reproducible builds when these libs are ever changed It doesn't seem like a problem to me, but it's not important >So, in this case here, I see no reason for static linking.=20 OK, dynamic linking is definitely good (...) >Almost certainly, this wouldn't be accepted, and people would tell you "ad= d a=20 >symlink to your original port". I will make (if I have to) a dedicated Delphi program which, from the zpaqf= ranz source, will make the source dir.cpp, without all the useless portions A couple of hours of work, a different software, a different port. >Again, a root user "going rogue" is not a relevant scenario. It happens all the time :) So much so that there is a specific trick in zpaqfranz also for this case >This sounds like a port/package would be unsuitable for your software (...) Don't confuse the "normal" user, the one using port or package, with the "advanced" user. The latter will download the latest version of the source with wget or even git-something and compile it by hand (no make needed), linking statically :) Or, maybe, it will write its very own zpaq++ > but not if every single version drops backwards compatibility ...=20 > it can't grow forever. Backward compatibility is ensured: it is a key element of my project. I worked hard to "hack" the storage format of zpaq to save the CRC-32 and t= he hash of each file, for SHA-1 collision detection, without the zpaq version already in the port tree even noticing it. Statically compiled executables can (and usually are) be launched directly = with their version name: they are independent Remember: each is about 2MB in size, no configuration file, no dependencies --- But let's not exaggerate, the "normal" user doesn't want much more than=20 "make install clean" or "pkg install something" My port proposal is for that "type" of user Short version: dynamic linking OK --=20 You are receiving this mail because: You are the assignee for the bug.=