Date: Wed, 14 Oct 2015 09:59:59 -0500 From: Mark Felder <feld@FreeBSD.org> To: freebsd-pkg@freebsd.org Subject: Re: locked packages got upgraded anyway Message-ID: <1444834799.3166860.410090913.6644022C@webmail.messagingengine.com> In-Reply-To: <D632CC59-E6E8-4856-A00D-6228448EDF82@ultra-secure.de> References: <561D8634.40103@electricembers.coop> <D632CC59-E6E8-4856-A00D-6228448EDF82@ultra-secure.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 13, 2015, at 17:42, Rainer Duffner wrote: >=20 > > Am 14.10.2015 um 00:31 schrieb Benjamin Connelly <ben@electricembers.co= op>: > >=20 > > We have a few ports we compile with different compile time options than= the FreeBSD binary repo, so we keep them locked. Last night when doing som= e patching, we saw those locked packages get updated anyhow. For example, p= kg said all of these things on one system: > >=20 >=20 >=20 > IMO, you either compile all of the packages you use yourself - or none. >=20 > Until FreeBSD gets a sort of =E2=80=9Estable=E2=80=9C ports-tree that liv= es for longer > than three months, running your own repo is almost a must for anything > even semi mission-critical. >=20 He has a valid use case and I don't know why it was upgraded. Sounds like a bug. Perhaps because it was a dependency? Hmm... A planned* feature is for a user to be permitted to have packages with custom build options and "pkg upgrade" will handle fetching the required parts of the ports tree and building the updated package so you don't have to play this "lock your package, manually upgrade it later" game. Not everyone should be forced to run poudriere just so they can change one option on one package... * Planned as in "bapt or someone said we should do this when we have time" --=20 Mark Felder ports-secteam member feld@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1444834799.3166860.410090913.6644022C>