From: Matthew Seaman
Date: Tue, 15 Jan 2013 09:13:43 +0000
To: freebsd-questions@freebsd.org
Subject: Re: pkgng package repository tracking security updates

On 14/01/2013 22:44, n j wrote:
> One thing to think about would be the option of port maintainers uploading
> the pre-compiled package of the updated port (or if the size of the upload
> is an issue then just the hash signature of the valid package archive so
> other people with more bandwidth can upload it) to help the package
> building cluster (at least for mainstream architectures). The idea behind
> it being that the port maintainer has to compile the port anyway and pkg
> create is not a big overhead. The result would be a sort of distributed
> package building solution.

Sorry. Distributed package building like this is never going to be
acceptable. Too much scope for anyone to introduce trojans into
packages. Building packages securely is a very big deal, and as recent
events have shown, you can't take any chances.

Cheers,

Matthew