From owner-freebsd-questions@freebsd.org Wed Jan 20 03:15:53 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 04FCCA88CA3 for ; Wed, 20 Jan 2016 03:15:53 +0000 (UTC) (envelope-from schultz@ime.usp.br) Received: from iris.ime.usp.br (iris.ime.usp.br [143.107.45.5]) by mx1.freebsd.org (Postfix) with ESMTP id B3B1A18BA for ; Wed, 20 Jan 2016 03:15:52 +0000 (UTC) (envelope-from schultz@ime.usp.br) Received: from cage0 (OTWAON234VW-LP140-05-1176444850.dsl.bell.ca [70.31.31.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: schultz@iris.ime.usp.br) by iris.ime.usp.br (Postfix) with ESMTPSA id 4630E290031A; Wed, 20 Jan 2016 01:15:43 -0200 (BRST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ime.usp.br; s=mail; t=1453259749; bh=9U8GrTktbDAFApYcG2tjaas2/XIucXhVYAxatWInALE=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=igN39YDnDv8wee/+uphlDyP+goA3es7/KXZvtfS+/cs1Qe9j//lXIdNQ72KfyPpX5 wub25U3ODYw3F6AhixPVi+Cbtf2/0dHaI2w50JmTuKNv+xDa2e22IsF7lRR2ViE8cq SqMnzgx6do07z9EfEVvA2UJ3qxDoG8X+E9xjqr/E= Date: Wed, 20 Jan 2016 03:14:32 +0000 From: =?ISO-8859-1?Q?Lu=EDs?= Fernando Schultz Xavier da Silveira To: kpneal@pobox.com Cc: Polytropon , freebsd-questions@freebsd.org Subject: Re: Unexpected dependencies of graphics/libGL Message-Id: <20160120031432.cd8793f3626c07fc803ee308@ime.usp.br> In-Reply-To: <20160119141257.GA64358@neutralgood.org> References: <20160117031923.ce1f36547351bf07b6fff9a0@ime.usp.br> <20160117070715.1c33732b.freebsd@edvax.de> <20160117162018.964db3b1f2f2133242773e78@ime.usp.br> <20160117220247.69e6774f.freebsd@edvax.de> <20160118161235.GA92637@neutralgood.org> <20160119050806.cd08ca0687e76a4b09a701e3@ime.usp.br> <20160119062345.5402e98b.freebsd@edvax.de> <20160119063438.ca57c8a3bd8ba6781a58b040@ime.usp.br> <20160119141257.GA64358@neutralgood.org> X-Mailer: Sylpheed 3.4.3 (GTK+ 2.24.29; amd64-portbld-freebsd10.2) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on iris.ime.usp.br X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2016 03:15:53 -0000 Hi, In a nutshell, the point is that the build dependencies should not be there at all. Keeping them in a jail is not a proper solution because they can still influence the host system (since the packages resulting from computations done in the jail will be installed in the host). On Tue, 19 Jan 2016 09:12:57 -0500 kpneal@pobox.com wrote: > On Tue, Jan 19, 2016 at 06:34:38AM +0000, Lu=EDs Fernando Schultz Xavier = da Silveira wrote: > > Hello, > >=20 > > > But this is not different from how ports are being built in > > > the regular ports tree: Compilation tools could be compromized > > > or package content could be affected. The typical "make install" > > > will generate a package which is then installed via pkg. > >=20 > > Indeed, it is not different, and that is my point. >=20 > Huh? When did this turn into a discussion about security? >=20 > You can do a small amount of work and have security concerns or you can > do much more work and have the exact same security concerns. I really don= 't > see how this reflects badly on Poudriere. >=20 > I thought this was a discussion about how to avoid having build dependenc= ies > installed when all you wanted was the run-time dependencies. Poudriere > handles this nicely without all that mucking about with locking packages, > keeping your ports tree in sync with the one checked out at freebsd.org, > etc. >=20 > --=20 > Kevin P. Neal http://www.pobox.com/~kpn/ >=20 > "I like being on The Daily Show." - Kermit the Frog, Feb 13 2001 >=20