pkgsrc packaging of base?

Paul Allen pallen at donut.ugcs.caltech.edu
Wed Feb 8 15:03:04 PST 2006


> It makes it work well right up until gzip or some other program ends
> up with a security hole, and then you have to either manually patch it
> (having no way to verify later if it was patched other than 'md5') or
> upgrade the entire OS to -STABLE. Most modern OSs don't require that
> much work for simple fixes. It'd be great if DragonFly followed suit.
> 
> Some things are going to be harder to manage, like the aforementioned
> sysctl's, ioctl's, procfs, but if we just accept that some things
> (libraries, etc) have to be kept in sync with the kernel package, then
> I think we'll be OK.
> 
> Without packaging up the base system, updating a small amount of
> servers (100 or so) becomes a very difficult task -- speaking from
> personal experience and frustrating with the FreeBSD 'monolithic'
> version system.

Ironically you completely missed my point*.  :o)

Actually I agree so much as that your goes with the proviso 
that "making everything a package" does not mean "abandoning 
careful library versioning, avoiding library version bumps 
when possible, and mandating library version bumps when
necessary."

At least that's my position until another way of handling
versioning hell (like that VFS overlay business) comes to
practical fruition.

* My whole ramble about not making a disciplined
  contribution to the discussion was about mentioning an
  orthogonal issue :o) in a conversation that could be
  likely to ignite passions.
 
        Paul





More information about the Kernel mailing list