From owner-freebsd-questions@FreeBSD.ORG Mon Jan 14 22:44:53 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5888B8A4 for ; Mon, 14 Jan 2013 22:44:53 +0000 (UTC) (envelope-from nino80@gmail.com) Received: from mail-ie0-f174.google.com (mail-ie0-f174.google.com [209.85.223.174]) by mx1.freebsd.org (Postfix) with ESMTP id 2EDB0C8 for ; Mon, 14 Jan 2013 22:44:53 +0000 (UTC) Received: by mail-ie0-f174.google.com with SMTP id c11so6062170ieb.33 for ; Mon, 14 Jan 2013 14:44:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=OFmNgVzzQhfmy0Sh5rKwOorMKdx79PKEZ3nrcVqT+XM=; b=fjB60GpjN9P4vxDNWN8YXzIBg7Z9528o5HLtlJHUlj9L2Subhui9cEVdu6QtJWi7M+ bPJi1fPMRsVOx7idfqIifrETuFzcSHZfIjDvqpato5jUhHlbWTkq6fs8HhcYyYmoZHdu wLFvwGpBj4UQVF9B/uyJR+yYzKWFfZOuv6B6Uz/QFCU8U0hFpEQBFAs+froByYcE5550 M1NGZKI/JdtUHhiQy7IDcNy8DqjC6NaZI3CmzecpaN0za+XoVYtQWllcoUtRHj0pHjiP DLcP/9rIS6q1ArQ4V5U/711OrAe/WRIvz6+ixwQnjHEIiYSmoHRzklpfASqiQyM9c3Zx qJOw== Received: by 10.50.219.229 with SMTP id pr5mr83019igc.64.1358203492706; Mon, 14 Jan 2013 14:44:52 -0800 (PST) MIME-Version: 1.0 Received: by 10.43.19.71 with HTTP; Mon, 14 Jan 2013 14:44:32 -0800 (PST) In-Reply-To: <50F4197E.8050003@infracaninophile.co.uk> References: <50F403C6.1030705@gmail.com> <50F4130A.5050105@freebsd.org> <50F4197E.8050003@infracaninophile.co.uk> From: n j Date: Mon, 14 Jan 2013 23:44:32 +0100 Message-ID: Subject: Re: pkgng package repository tracking security updates To: User Questions Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2013 22:44:53 -0000 On Mon, Jan 14, 2013 at 3:43 PM, Matthew Seaman < m.seaman@infracaninophile.co.uk> wrote: > On 14/01/2013 14:36, n j wrote: > > The point of my question was exactly if it was possible to elaborate on > the > > "pre-compiled packages from FreeBSD official repositories" part. Would it > > be possible to have a (security-wise) up-to-date pre-compiled packages in > > the official repositories? Note, I don't expect an unreasonable effort > here > > - I understand there will always be delays between upstream fix --> ports > > fix --> up-to-date package and it is acceptable for the binary package to > > lag a few days behind the port (depending on the availability of package > > building cluster or maintainer upload). > > Yes, there will be a pkgng package building cluster which will track > updates to the ports and provide as up-to-date a collection of packages > as possible for at least x86, amd64 on all supporter FreeBSD branches > and head. Possibly other architectures as well. > > However, as all that is still under construction (and construction plans > have been heavily revised in the light of the earlier security > compromise) I have no good idea of what sort of turn-around will be > possible. I expect at least as good as the old pkg build cluster > managed and probably better. > > Cheers, > > Matthew > Thanks, that's encouraging news. One thing to think about would be the option of port maintainers uploading the pre-compiled package of the updated port (or if the size of the upload is an issue then just the hash signature of the valid package archive so other people with more bandwidth can upload it) to help the package building cluster (at least for mainstream architectures). The idea behind it being that the port maintainer has to compile the port anyway and pkg create is not a big overhead. The result would be a sort of distributed package building solution. Regards, -- Nino