Unexpected dependencies of graphics/libGL

Luís Fernando Schultz Xavier da Silveira schultz at ime.usp.br
Tue Jan 19 05:09:31 UTC 2016


Hi,

That is a very cool idea. However, it does not make sense to me.
From a security point of view, it is not an improvement because malware
in the build dependencies could still affect the results of the
compilation within the jail and hence the final binaries and pkg
scripts.
Furthermore, theoretically if an unnecessary dependency can break the
vanilla system, it can also break it for the same reason with this
trick (it is just less likely).
Also, the build dependencies will be built over and over again
inside the jails during updates (and there are a lot of them).

So, while Poudriere is useful for building packages from the point of
view of the FreeBSD infrastructure (which does not install the packages
itself), it does not make sense to me for a system that will be
installing the packages.

On Mon, 18 Jan 2016 11:12:35 -0500
kpneal at pobox.com wrote:

> On Sun, Jan 17, 2016 at 10:02:47PM +0100, Polytropon wrote:
> > On Sun, 17 Jan 2016 16:20:18 +0000, Luís Fernando Schultz Xavier da Silveira wrote:
> > > Hi,
> > > 
> > > To me, using ports is a must.
> > 
> > Okay, so pkg is not an option here.
> 
> I swear by Poudriere. It does all the builds in jails and then presents
> a package repository understood by pkg. This gets me packages and all the
> R-deps but I never have to install any of the B-deps.
> -- 
> Kevin P. Neal                                http://www.pobox.com/~kpn/
> 
> Seen on bottom of IBM part number 1887724:
> DO NOT EXPOSE MOUSE PAD TO DIRECT SUNLIGHT FOR EXTENDED PERIODS OF TIME.
> 

