bin/34628: [pkg_install] [patch] pkg-routines ignore the recorded md5 checksums

Erwin Lansing erwin at FreeBSD.org
Wed Nov 15 20:05:29 UTC 2006


On Wed, Nov 15, 2006 at 02:10:52PM -0500, Mikhail Teterin wrote:
> ?????? 15 ???????? 2006 13:23 ?? ????????:
> > > That's a surprisingly naive way of thinking... The CONFLICTS
> > > functionality is broken on occasion in bsd.port.mk, and not every port
> > > sets it anyway...
> 
> > If CONFLICTS is broken, CONFLICTS should be fixed, not pkg_info. If some
> > ports don't set it, they should be fixed, not pkg_info.
> 
> People should never get sick -- we don't need doctors. Programs should be 
> bug-free, we don't need debuggers...
> 
> But 'pkg_info -W' ALREADY detects the situation, which is never supposed to 
> happen -- when multiple packages claim the file. According to both you and 
> sobomax, this functionality should be ripped out. I disagree, and my change 
> uses the checksums to help the user identify, which of the multiple packages 
> is the right one.

OK
> 
> > > `pkg_info -W' would also be able to warn about checksum mismatches, which
> > > would suggest, a file has been modified (or corrupted) since getting
> > > installed.
> >
> > Now, that sounds more like a good idea, although in that case, the code
> > should be moved outside the code for checking if multiple ports claim the
> > same file.
> 
> The change was introduced to allow to determine, which of the multiple ports 
> installed the current version of the file in question. It is trivial to 
> modify it to compare the checksum in all cases, at the cost of slightly 
> higher overhead (MD5File called always, even if only one port "claims" the 
> file).

Or maybe hide it behind an extra option to turn it on for all cases.
> 
> > > Anyway, what is the overhead exactly?
> >
> > Explained elsewhere in this thread.
> 
> And promptly refuted in a follow-up... Have you missed it?

No, that's why I'm not commenting on that here.
> 
> > Note, that my reaction was the same as sobomax' back in 2002
> 
> Erwin, that's so wrong... Sobomax has expressed doubt and asked a bogus 
> question. You should also note, that FIVE MONTHS passed between my submitting 
> the PR (and assigning it to Maxim -- March 2002) and his expressing "the 
> doubt" (August 2002). 

Sobomax' question is not bogus, it's the same one I asked you. You
should have explained it to him instead of just ignoring him and trying
to get someone else to commit it for you.
> 
> Considering, that he saw the patch and the discussion of it in February 
> (2002) -- and requested I do the PR (a quote from his request is in the 
> trace), his entire participation in the matter should be discounted...
> 
> At the time JKH was still with us, and since he has expressed interest in the 
> functionality, I simply transferred the PR to him.
> 
> > and you then refused to give more information.
> 
> ???? Please, quote a request for "more information", that you accuse me 
> of "refusing" to honor?

Read the audit-trail.
> 
> > As you haven't shown any interest in this PR since, I gathered you were no
> > longer interested and I closed it.
> 
> Erwin, this is completely bizarre. So, not only does one have to describe a 
> problem and offer a solution, one also needs to continuously "show interest", 
> or else the problem will be deemed non-existent?
> 
> > If you are willing to work on this, it would be great though.
> 
> What ELSE can I do? I described the problem. I proposed a (fairly elegant, 
> IMHO) solution. I've been using that solution myself for the last 4 years. 
> You think, I need to do something else?
> 
> Could one of you, please, just try the freaking patch for themselves, instead 
> of trying to guess, what it does and does not do? Like Maxim in 2002, Parv 
> just exhibited serious misunderstanding of the proposed change... It must be 
> my failure to describe it, of course (who else can be to blame?), but I am at 
> a loss, at how to do it better... It addresses a non-trivial use-case and 
> requires a little bit more of attention span, than has so far been granted to 
> it by various people quick to render their dismissing judgements...
> 

Did you actually try to read my mail, or did you just assume that the
whole world is against you? Please reread my mail as constructive
comments on a 4 year old patch instead of being paranoid. Now, can we
get back to the code?

-erwin

-- 
Erwin Lansing                                     http://droso.org
Security is like an onion.          (o_ _o)
It's made up of several layers   \\\_\   /_///
And it makes you cry.            <____) (____>    erwin at lansing.dk
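
The check debated in this thread, sketched as an added example (not the patch from the PR and not pkg_install code): when several packages claim one file, compare each package's recorded MD5 with the file on disk. It assumes the +CONTENTS layout in which a file entry is followed by an `@comment MD5:` line; the package names, path and file contents are constructed.

```python
import hashlib
import os
import tempfile

def parse_contents(text):
    """Return (package name, {absolute path: recorded MD5}) for one packing list."""
    name, cwd, last, sums = None, "/", None, {}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("@name "):
            name = line[len("@name "):]
        elif line.startswith("@cwd "):
            cwd = line[len("@cwd "):]
        elif line.startswith("@comment MD5:") and last:
            sums[last] = line[len("@comment MD5:"):].lower()
            last = None
        elif line and not line.startswith("@"):
            last = os.path.join(cwd, line)   # a file entry; its MD5 comment follows
    return name, sums

def claimants(path, packing_lists, root="/"):
    """Map each package that lists `path` to 'match' or 'mismatch' against the file on disk."""
    with open(os.path.join(root, path.lstrip("/")), "rb") as fh:
        actual = hashlib.md5(fh.read()).hexdigest()
    result = {}
    for text in packing_lists:
        name, sums = parse_contents(text)
        if path in sums:
            result[name] = "match" if sums[path] == actual else "mismatch"
    return result

def demo():
    """Constructed case: two packages claim bin/foo, only one installed the current bytes."""
    old, new = b"foo 1.0\n", b"foo 1.1\n"
    template = "@name {}\n@cwd /usr/local\nbin/foo\n@comment MD5:{}\n"
    lists = [template.format("foo-1.0", hashlib.md5(old).hexdigest()),
             template.format("foo-devel-1.1", hashlib.md5(new).hexdigest())]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/local/bin"))
        with open(os.path.join(root, "usr/local/bin/foo"), "wb") as fh:
            fh.write(new)                     # the file currently on disk
        return claimants("/usr/local/bin/foo", lists, root)

if __name__ == "__main__":
    print(demo())
```

A result in which every claimant reports `mismatch` is the other case raised in the thread: the file was modified or corrupted after installation.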