From owner-freebsd-pkgbase@freebsd.org Mon Apr 29 20:50:06 2019 Return-Path: Delivered-To: freebsd-pkgbase@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF00F159DDC7 for ; Mon, 29 Apr 2019 20:50:06 +0000 (UTC) (envelope-from wollman@khavrinen.csail.mit.edu) Received: from khavrinen.csail.mit.edu (khavrinen.csail.mit.edu [IPv6:2603:400a:0:7ec::801e:1c14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "khavrinen.csail.mit.edu", Issuer "Client CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 804AF74B89 for ; Mon, 29 Apr 2019 20:50:05 +0000 (UTC) (envelope-from wollman@khavrinen.csail.mit.edu) Received: from khavrinen.csail.mit.edu (localhost [127.0.0.1]) by khavrinen.csail.mit.edu (8.15.2/8.15.2) with ESMTPS id x3TKo0VD092499 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL CN=khavrinen.csail.mit.edu issuer=Client+20CA); Mon, 29 Apr 2019 16:50:01 -0400 (EDT) (envelope-from wollman@khavrinen.csail.mit.edu) Received: (from wollman@localhost) by khavrinen.csail.mit.edu (8.15.2/8.15.2/Submit) id x3TKo0iJ092498; Mon, 29 Apr 2019 16:50:00 -0400 (EDT) (envelope-from wollman) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <23751.25464.908633.101215@khavrinen.csail.mit.edu> Date: Mon, 29 Apr 2019 16:50:00 -0400 From: Garrett Wollman To: Cy Schubert Cc: freebsd-pkgbase@freebsd.org Subject: Re: CFT: FreeBSD Package Base In-Reply-To: <201904291931.x3TJV73d079802@slippy.cwsent.com> References: <201904291441.x3TEfMid072751@gndrsh.dnsmgr.net> <201904291931.x3TJV73d079802@slippy.cwsent.com> X-Mailer: VM 8.2.0b under 26.1 (amd64-portbld-freebsd11.2) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (khavrinen.csail.mit.edu [127.0.0.1]); Mon, 29 Apr 2019 16:50:01 -0400 (EDT) X-Rspamd-Queue-Id: 804AF74B89 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dmarc=pass (policy=none) header.from=csail.mit.edu; spf=pass (mx1.freebsd.org: domain of wollman@khavrinen.csail.mit.edu designates 2603:400a:0:7ec::801e:1c14 as permitted sender) smtp.mailfrom=wollman@khavrinen.csail.mit.edu X-Spamd-Result: default: False [-3.18 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[khavrinen.csail.mit.edu,incoming.csail.mit.edu]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[csail.mit.edu,none]; NEURAL_HAM_SHORT(-0.67)[-0.667,0]; IP_SCORE(-0.01)[asn: 3(0.02), country: US(-0.06)]; FORGED_SENDER(0.30)[wollman@csail.mit.edu,wollman@khavrinen.csail.mit.edu]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:3, ipnet:2603:400a::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[wollman@csail.mit.edu, wollman@khavrinen.csail.mit.edu] X-BeenThere: freebsd-pkgbase@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Packaging the FreeBSD base system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Apr 2019 20:50:07 -0000 < said: > The discussion about granularity begs the question, why pkgbase in the > first place? My impression was that it allowed people to select which > components they wanted to either create a lean installation or mix and > match base packages and ports (possibly with flavours to install in > /usr rather than $LOCALBASE) such that maybe person A wanted a stock > install while person B wanted to replace, picking a random example, BSD > tar with GNU tar. Isn't that the real advantage of pkgbase? No. The "real" advantage of pkgbase is that it allows the distributor of a customized version of the operating system to support binary-only updates, without all the (non-trivial) infrastructure of running a custom FreeBSD-update builder and distribution server. Consider my position: I have about 30 servers (and another ~10 jails) that all run the same local build of FreeBSD. Right now, the only reliable way to update them is to NFS-mount /usr/src and /usr/obj from my build server, and run a (slow) "make installworld". It would literally save me hours out of every upgrade (or base-system security fix) to be able to install compressed binary packages downloaded over http, and I'd have better security because binary packages are signed. For my use case, I don't much care what the granularity is, so long as I can safely upgrade (or update) the kernel independently of the userland and independently of third-party packages -- just two packages (kernel and userland) would suffice, although I'd probably prefer the runtime libraries to be in a separate package just for safety. I'm not distributing packages to third parties, I just want to be able to install and upgrade my packages on my fleet of servers and jails quickly and safely. This is not the entirety of the use cases the project as a whole needs to support, but it's a major *end-user* use case. (And I've said as much in various surveys.) -GAWollman