Has the port collection become to large to handle.
Beech Rintoul
beech at alaskaparadise.com
Sun May 14 16:44:25 UTC 2006
On Sunday 14 May 2006 06:08, fbsd wrote:
> fbsd wrote:
> > The fact is the maintainer is all ready being trusted to
> > manage the port so I see no reason NOT to trust him to
> > create the matching package.
>
> Because they don't. The port maintainer is trusted to maintain the
> port
> ... and then a bunch of people are trusted to audit the ports before
> the
> update is allowed in to the ports tree.
>
> Or at least, that's how I thought it worked.
If a maintainer tries to put a backdoor or malicious code in a port it's next
to impossible to hide it in the source code. How would you propose doing that
with a binary? Having the portmanager test every binary that is submitted
would slow down the package builds even more.
>
> ********* so working with in that same procedure the maintainer
> passes the packages to the audit people and they pass it on.
> No problem with this at all.
>
> > Even the need of the secure massive package built process is
> > now questionable.
> > The resources and time needed for performing the
> > secure massive package built must impact the release timeline of
> > new FreeBSD releases. Doing away with it may streamline many
> > other different internal release process.
The packages are built on a continual basis. The main reason for this is to
make sure they build on all systems. Having a package to install is
secondary. There is plenty of time after a code freeze for a package run.
>
> The personalised dynamic ports tree is by far the best suggestion so
> far. A 'most commonly used' ports tree is a daft idea, IMHO, and I
> fully
> expect myself to be one of those people who uses quite a few ports
> that
> would never make it on to that list. And it's not like I do a lot
> weird
> stuff, either. I just think that with the number of fbsd users on
> this
> planet, coupled with the number of ports in the tree ... well,
> there's
> going to be an awful lot of minorities.
>
> **** the port make method will still be there for all ports with
> limited usage history, it will just not have a package for it
> because
> it has limited usage.
>
> Also, I think the idea of having a central database to monitor which
> ports are used has privacy issues, which will require every port to
> have
> a privacy disclaimer and an opt-out option. So much for
> streamlining.
>
> ******** There is no privacy issues. Passing cookies is normal and
> done as matter of fact by most commercial websites and any website
> that
> uses php session control makes cookies by default.
> This is a no-issue issue.
Beech
--
---------------------------------------------------------------------------------------
Beech Rintoul - Sys. Administrator - beech at alaskaparadise.com
/"\ ASCII Ribbon Campaign | Alaska Paradise
\ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310
X - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
---------------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060514/fe76b13e/attachment-0001.pgp
More information about the freebsd-ports
mailing list