Re: dns/bind916 builds rust unexpectedly

From: Roger Marquis <marquis_at_roble.com>
Date: Tue, 26 Sep 2023 01:23:11 UTC

On Mon, 25 Sep 2023, Mark Millard wrote:
> ... it takes so long to build (and distribute) the 30,000+
> packages (or any large incremental subset or subset that
> involves huge builds) that a fair number of ports have had
> updates before the distribution completes and starts being

Even just getting the ports tree updated can take days (or more) even
after vulnerabilities are patched.

Take bind9 for example.  We use Poudriere for most updates but not bind9
as it often should be patched as soon as updates are available.  If
you wait for gitup or Poudriere to pull a new Makefile, even with
nothing more than a new version string, it can take days (2 or 3 days
for the most recent patch).  It's not an issue here as we a) edit the
Makefile to specify the current version, b) make makesum, c) make sure
the build does not use python (by manually editing the port's options
file), d) make package and e) pkg install (or update), which takes
maybe 10 minutes.

It sounds like what we really need in this case is just a way to
maintain options keys and values that are not specified in the Makefile.
Of course that won't work for all bloated packages but it would help.

Roger Marquis