Has the port collection become to large to handle.

Beech Rintoul beech at alaskaparadise.com
Sun May 14 16:44:25 UTC 2006

On Sunday 14 May 2006 06:08, fbsd wrote:
> fbsd wrote:
> > The fact is the maintainer is all ready being trusted to
> > manage the port so I see no reason NOT to trust him to
> > create the matching package.
> Because they don't. The port maintainer is trusted to maintain the
> port
> ... and then a bunch of people are trusted to audit the ports before
> the
> update is allowed in to the ports tree.
> Or at least, that's how I thought it worked.

If a maintainer tries to put a backdoor or malicious code in a port it's next 
to impossible to hide it in the source code. How would you propose doing that 
with a binary? Having the portmanager test every binary that is submitted 
would slow down the package builds even more. 
> *********  so working with in that same procedure the  maintainer
> passes the packages to the audit people and they pass it on.
> No problem with this at all.
> > Even the need of the secure massive package built process is
> > now questionable.
> > The resources and time needed for performing the
> > secure massive package built must impact the release timeline of
> > new FreeBSD releases. Doing away with it may streamline many
> > other different internal release process.

The packages are built on a continual basis. The main reason for this is to 
make sure they build on all systems. Having a package to install is 
secondary. There is plenty of time after a code freeze for a package run. 
> The personalised dynamic ports tree is by far the best suggestion so
> far. A 'most commonly used' ports tree is a daft idea, IMHO, and I
> fully
> expect myself to be one of those people who uses quite a few ports
> that
> would never make it on to that list. And it's not like I do a lot
> weird
> stuff, either. I just think that with the number of fbsd users on
> this
> planet, coupled with the number of ports in the tree ... well,
> there's
> going to be an awful lot of minorities.
> **** the port make method will still be there for all ports with
> limited usage history, it will just not have a package for it
> because
> it has limited usage.
> Also, I think the idea of having a central database to monitor which
> ports are used has privacy issues, which will require every port to
> have
> a privacy disclaimer and an opt-out option. So much for
> streamlining.
> ******** There is no privacy issues. Passing cookies is normal and
> done as matter of fact by most commercial websites and any website
> that
> uses php session control makes cookies by default.
> This is a no-issue issue.


Beech Rintoul - Sys. Administrator - beech at alaskaparadise.com
/"\   ASCII Ribbon Campaign  | Alaska Paradise
\ / - NO HTML/RTF in e-mail   | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - Please visit Alaska Paradise - http://www.alaskaparadise.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060514/fe76b13e/attachment-0001.pgp

More information about the freebsd-ports mailing list