Date: Tue, 22 Jan 2008 00:04:39 -0600
From: linimon@lonesome.com (Mark Linimon)
To: Doug Barton <dougb@FreeBSD.org>
Cc: P Bielecki <pawciobiel@gmail.com>, Kris Kennaway <kris@FreeBSD.org>, freebsd-ports@freebsd.org
Subject: Re: packages with security vulnerabilities
Message-ID: <20080122060439.GA23921@soaustin.net>
In-Reply-To: <4795316B.4040600@FreeBSD.org>
References: <2e420cc20801200650q19ed0d03h38a3152b26f22643@mail.gmail.com> <479375C0.30507@FreeBSD.org> <2e420cc20801210901k1e15fdep55b4829551114d50@mail.gmail.com> <47950E4C.1030104@FreeBSD.org> <4795316B.4040600@FreeBSD.org>

On Mon, Jan 21, 2008 at 03:57:31PM -0800, Doug Barton wrote:
> If I understood the question correctly, I think the OP is asking about
> the frequency of rebuilding packages with security updates. In which
> case your answer is still correct, but leads to a new question, which is
> would it be possible to trigger an update for a port that has a security
> update sooner?

The package updates are triggered by changes to the INDEX file. If the port's metadata changes (which is a near 100% guarantee if it's a security fix), we would need to kill off the existing build, build a new INDEX, and then restart the build. And, of course, do this times 4 for FreeBSD-5/6/7/8, times 3 for the number of architectures we try to build. (Given that there are empty cells in that table, so we "only" try to build 10 package sets).

Writing a package build cluster that keeps a rolling model of the INDEX metadata as every commit comes in, so it would know what dependencies need to be rebuilt, is left as an exercise for the reader.

mcl
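
The bookkeeping the message above describes, reduced to its core as an added example (not part of the original message and not the FreeBSD build cluster's code): a model of per-port metadata that is updated per commit and reports which packages a metadata change forces to be rebuilt. The record layout is a simplification assumed for the example, not the real INDEX format, and the port names and versions are constructed.

```python
from collections import defaultdict, deque

class IndexModel:
    """Rolling model of per-port metadata: origin -> (version, dependency origins)."""

    def __init__(self, entries):
        self.entries = dict(entries)

    def apply_commit(self, updates):
        """Merge a commit's metadata changes; return the origins whose entry changed."""
        changed = {o for o, meta in updates.items() if self.entries.get(o) != meta}
        self.entries.update(updates)
        return changed

    def rebuild_set(self, changed):
        """Changed ports plus everything that depends on them, directly or not."""
        dependents = defaultdict(set)
        for origin, (_version, deps) in self.entries.items():
            for dep in deps:
                dependents[dep].add(origin)
        todo, queue = set(changed), deque(changed)
        while queue:
            for parent in dependents[queue.popleft()]:
                if parent not in todo:
                    todo.add(parent)
                    queue.append(parent)
        return todo

# Constructed sample data (hypothetical ports and versions).
SAMPLE = {
    "security/libfoo": ("1.0", frozenset()),
    "www/fooserver": ("2.3", frozenset({"security/libfoo"})),
    "www/fooserver-mod": ("0.9", frozenset({"www/fooserver"})),
    "editors/bar": ("5.1", frozenset()),
}

def demo():
    model = IndexModel(SAMPLE)
    # A security fix bumps libfoo's version, which changes its metadata.
    changed = model.apply_commit({"security/libfoo": ("1.0_1", frozenset())})
    return sorted(model.rebuild_set(changed))

if __name__ == "__main__":
    print(demo())
```

A commit that leaves the metadata unchanged yields an empty rebuild set, so only real metadata changes would interrupt a running build.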