From owner-freebsd-pkg@FreeBSD.ORG Mon Oct 20 20:15:02 2014 Return-Path: Delivered-To: freebsd-pkg@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 97FF4B82 for ; Mon, 20 Oct 2014 20:15:02 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6050D2D1 for ; Mon, 20 Oct 2014 20:15:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s9KKF2L8033660 for ; Mon, 20 Oct 2014 20:15:02 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s9KKF2Xc033659 for freebsd-pkg@freebsd.org; Mon, 20 Oct 2014 20:15:02 GMT (envelope-from bdrewery) Received: (qmail 25861 invoked from network); 20 Oct 2014 15:14:57 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 20 Oct 2014 15:14:57 -0500 Message-ID: <54456D40.7030902@FreeBSD.org> Date: Mon, 20 Oct 2014 15:14:56 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Martin Hanson , "freebsd-pkg@freebsd.org" Subject: Re: We need much better security updates for packages References: <821921413779379@web13m.yandex.ru> In-Reply-To: <821921413779379@web13m.yandex.ru> OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="P5WNTQavHlEVPsJkg5prOG2xisQfIfIXj" X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Oct 2014 20:15:02 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --P5WNTQavHlEVPsJkg5prOG2xisQfIfIXj Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 10/19/2014 11:29 PM, Martin Hanson wrote: > Hi >=20 > This is a suggestion. >=20 > If "pkg" is going to be any good, meaning as a real replacement for > always compiling from ports, I think it is really important that we > move away from a fixed weekly build when important security upgrades > are pending. >=20 > We cannot wait week or more for the official repos when an important > security upgrade is pending. >=20 (I run the builds) We all agree. There's a lot of challenges to solve with changing how we build packages currently to speed them up. The easiest solution is more hardware. We are working to get more hardware to be able to build more often per week. We don't have anything official to announce yet. We currently build 1 time per week. We have some hardware freed up from not needing the pkg_install builds anymore, and not needing a new_xorg/ssp repository. We should be able to get to 2-3 times per week soon and 4-5 in February once we get additional hardware. We're also trying to balance new hardware with getting ARM/MIPS packages built. IMHO though we need near-daily builds for x86 ASAP. The recent security issues have been difficult. --=20 Regards, Bryan Drewery --P5WNTQavHlEVPsJkg5prOG2xisQfIfIXj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJURW1AAAoJEDXXcbtuRpfPb0cH/RPDj9lLb8eXvSIyv+1stucU ys7YLLvwZUV52LFaUgIhCjFEufG4uNzhYJ8PygtefecNUPghgLu+GxP+804KA1LI rR2pwBzH3181u0T5+BWpt4dgoOhVfxfMv14qF2ZKudYlnEGmuICkS9ujxpO/UgJ7 +rextjp9AoBiJ73gku9jBnOaUR3tD/AGeKZXRFn0vo9+yjlIxG81ImxPC3NU4wX8 dkY3q9U0gFL5jaqpb8MAG1nApbXEj2pOkf0j3qLarye+hGe+QLlFQlKRClwUKoPv rgWZufPDvttQZBNc74TOijBGKu6njoxTeVxvpQ17wRlHLSVHaqlDEmACqgYV9DQ= =26hh -----END PGP SIGNATURE----- --P5WNTQavHlEVPsJkg5prOG2xisQfIfIXj--