Automatic Port

Cy Schubert Cy.Schubert at komquats.com
Thu Sep 6 13:31:43 UTC 2012


In message <CADLo83-7i2cP+rKdz6Z-kw1asHmfLqJk+hOiZg9fm0V8xqYwdA at mail.gmail.com>, Chris Rees writes:
> On 6 Sep 2012 05:57, "Cy Schubert" <Cy.Schubert at komquats.com> wrote:
> >
> > Hi all,
> >
> > I'm considering a -devel port which checks out from our upline's VCS repo,
> > also generating a dynamic plist. I'm sure this is possible. Are there any
> > examples of this?
> 
> It's possible, but you can't then do distinfo checks.
> 
> I don't think it's a good idea for this reason.

The distinfo checks are there to verify the integrity of the tarball.
Should a VCS become compromised, any resulting tarball created by an upline
would also be compromised and our distinfo would ensure the integrity of
compromised source. In the case of a tarball which is rolled multiple times
a week, e.g. ntp-devel, or daily, e.g. fwbuilder's devel branch, it would
become a daily chore to maintain the latest devel package, in which case
one would need to roll an updated port once every couple of weeks, kind of
like a snapshot approach.

I think I've seen only one port over the years use a VCS (CVS) to check out 
its source files.


-- 
Cheers,
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org
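
The distinfo check discussed in this thread, as an added example that is not part of the original message or the ports framework's own code: it parses `SHA256 (file) = ...` and `SIZE (file) = ...` lines and compares a fetched distfile against them. The file names and bytes are constructed, and `make_distinfo` only mimics what `make makesum` records.

```python
import hashlib
import re

# distinfo line format used by the FreeBSD ports tree:
#   SHA256 (name) = <hex>    and    SIZE (name) = <bytes>
LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")


def make_distinfo(name, data):
    """Record checksum and size of a fetched distfile (mimics `make makesum`)."""
    return (f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}\n"
            f"SIZE ({name}) = {len(data)}\n")


def parse_distinfo(text):
    """Return {distfile: {"SHA256": hex, "SIZE": int}}, skipping other lines."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            key, name, value = m.groups()
            entries.setdefault(name, {})[key] = (
                int(value) if key == "SIZE" else value.lower())
    return entries


def verify(name, data, entries):
    """Return 'ok', or the reason the distfile fails the distinfo check."""
    want = entries.get(name)
    if want is None or "SHA256" not in want or "SIZE" not in want:
        return "no complete distinfo entry"
    if len(data) != want["SIZE"]:
        return "size mismatch"
    if hashlib.sha256(data).hexdigest() != want["SHA256"]:
        return "checksum mismatch"
    return "ok"


# Constructed sample data, not real distfiles.
SNAPSHOT = b"constructed snapshot tarball bytes"
NAME = "example-devel-20120906.tar.gz"  # hypothetical distfile name
ENTRIES = parse_distinfo(make_distinfo(NAME, SNAPSHOT))

if __name__ == "__main__":
    print(verify(NAME, SNAPSHOT, ENTRIES))                # same bytes as recorded
    print(verify(NAME, SNAPSHOT[:-1] + b"X", ENTRIES))    # altered after recording
    print(verify(NAME, SNAPSHOT + b"!", ENTRIES))         # re-rolled, size changed
    print(verify("example-vcs-checkout", SNAPSHOT, ENTRIES))  # nothing recorded
```

The check passes for exactly the bytes that were recorded, whatever their origin, and a VCS checkout has no entry to compare against.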