From: linimon@lonesome.com (Mark Linimon)
To: Doug Barton
Cc: P Bielecki, Kris Kennaway, freebsd-ports@freebsd.org
Date: Tue, 22 Jan 2008 00:04:39 -0600
Subject: Re: packages with security vulnerabilities
Message-ID: <20080122060439.GA23921@soaustin.net>

On Mon, Jan 21, 2008 at 03:57:31PM -0800, Doug Barton wrote:
> If I understood the question correctly, I think the OP is asking about
> the frequency of rebuilding packages with security updates. In which
> case your answer is still correct, but leads to a new question, which is
> would it be possible to trigger an update for a port that has a security
> update sooner?

The package updates are triggered by changes to the INDEX file.
If the port's metadata changes (which is a near 100% guarantee if it's a
security fix), we would need to kill off the existing build, build a new
INDEX, and then restart the build.

And, of course, do this times 4 for FreeBSD-5/6/7/8, times 3 for the
number of architectures we try to build. (Given that there are empty
cells in that table, so we "only" try to build 10 package sets).

Writing a package build cluster that keeps a rolling model of the INDEX
metadata as every commit comes in, so it would know what dependencies
need to be rebuilt, is left as an exercise for the reader.

mcl
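
Added example, not part of the original message and not the FreeBSD build cluster's code: the core of the "rolling model" idea is a reverse-dependency closure that tells you which packages must be rebuilt after one port changes, and in what order. It assumes a simplified `name|build-deps|run-deps` record layout and constructed package names rather than the real INDEX columns.

```python
from collections import defaultdict, deque

# Constructed sample in a simplified "name|build-deps|run-deps" layout
# (an assumption for this example; the real INDEX has more columns).
SAMPLE_INDEX = """\
libfoo-1.2|gmake-3.81|
bar-2.0|gmake-3.81 libfoo-1.2|libfoo-1.2
baz-0.9||bar-2.0
gmake-3.81||
qux-4.1|gmake-3.81|
"""

def parse_index(text):
    """Return {package: set(dependencies)} from the simplified records."""
    deps = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, build, run = line.split("|")
        deps[name] = set(build.split()) | set(run.split())
    return deps

def rebuild_set(deps, changed):
    """Packages to rebuild when `changed` is updated: the package itself
    plus every direct or transitive dependent."""
    rdeps = defaultdict(set)
    for pkg, needs in deps.items():
        for dep in needs:
            rdeps[dep].add(pkg)
    seen, queue = {changed}, deque([changed])
    while queue:
        for parent in rdeps[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen

def rebuild_order(deps, todo):
    """Order `todo` so each package comes after its dependencies in `todo`."""
    order, done = [], set()
    def visit(pkg, stack=()):
        if pkg in done:
            return
        if pkg in stack:
            raise ValueError("dependency cycle at " + pkg)
        for dep in sorted(deps.get(pkg, set()) & todo):
            visit(dep, stack + (pkg,))
        done.add(pkg)
        order.append(pkg)
    for pkg in sorted(todo):
        visit(pkg)
    return order
```

A security fix to a widely used build tool (here `gmake-3.81`) pulls almost the whole sample into the rebuild set, which is why a targeted rebuild is not automatically cheap.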