Date: Fri, 3 Aug 2018 12:17:06 +0200 (CEST) From: Ronald Klop <ronald-lists@klop.ws> To: grarpamp <grarpamp@gmail.com> Cc: freebsd-pkg@freebsd.org, freebsd-ports@freebsd.org Subject: Re: Archives of last quarterly package builds? Message-ID: <1409764431.113.1533291426014@localhost> In-Reply-To: <CAD2Ti2--zdv4e_QvSfHL1prDAnGZyTvNYMzzgA_V%2B3LN6_RTEQ@mail.gmail.com> References: <CAD2Ti28J1UTKkLETgj0vJerHBX3SKOgpAOp6UkrhOR76TGpT%2Bg@mail.gmail.com> <34cb48da-1f15-1610-966d-1e30314f7665@freebsd.org> <CAD2Ti2--zdv4e_QvSfHL1prDAnGZyTvNYMzzgA_V%2B3LN6_RTEQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Van: grarpamp <grarpamp@gmail.com> Datum: donderdag, 2 augustus 2018 22:21 Aan: freebsd-ports@freebsd.org CC: freebsd-pkg@freebsd.org Onderwerp: Re: Archives of last quarterly package builds? > > > I've asked for this but the answer is > > "no we don't do that.. and have no plans to". > > What is the rationale? Or is another model of pkg build, > distribution, and archiving coming? > > It seems no more would be needed than > - an update to release / handbook / mirror info noting their status > as "final, to be removed [to archives] on date + timeframe", say 1 year. > - simple sysadmin on pkg / web side as part of each quarter activity. > - some storage space. > - obviously they are the final builds of the branch, thus frozen. > > Anything else / prereqs missing to doing that? > I'm not involved in any pkg building, so don't take me too seriously. Keeping archives also means keeping packages with security vulnerabilities. Why would somebody put that on the internet? Regards, Ronald. From owner-freebsd-pkg@freebsd.org Fri Aug 3 21:27:57 2018 Return-Path: <owner-freebsd-pkg@freebsd.org> Delivered-To: freebsd-pkg@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7CFB7105203D; Fri, 3 Aug 2018 21:27:57 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: from mail-it0-x242.google.com (mail-it0-x242.google.com [IPv6:2607:f8b0:4001:c0b::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0A67F765B7; Fri, 3 Aug 2018 21:27:57 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: by mail-it0-x242.google.com with SMTP id j81-v6so8409511ite.0; Fri, 03 Aug 2018 14:27:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=5JpggkLCbwVA5B0GiVzhXa/VM5RalaAaUOVXR3vNsXU=; b=NYM/5H3FcRab9zmy8HACYp6rVPG8bJqTZwiPMnAO2gvfYM//cdCm+Nt+3uCCYqurKx gFUOMhpQYFxWvi+hCy7+rpgkFJk/7EwNLrW7BusSv28/i5c1BXvLgkU8XU37Y3i8GuFG 5DVtiTDBzkWA2iCq2Aatvqy4Bzl5aKqCz9Es5xfzuwe2085KrdDLtjF8ojFx0dycjSwU 69TbCFo804zB52nEMpDwuSB8iEW3vHlT6WJjNeDeD0vtBhbKWLeZrL1whYPU6vAALapU gbopSJZRXAu2ewF2f9TMcGxRAjRNjgKQHSaSnplYlWQvXyv+dfuNcZ8FwBQVu9Sm9rsm j6pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=5JpggkLCbwVA5B0GiVzhXa/VM5RalaAaUOVXR3vNsXU=; b=VhouYYOushwCAS84rdd/KZm4NiC887WajlJ8s7/9eldchtFH61+JEVHKw7Q5se87GG rxU0f5b06O4fInSQ8dsa2nbckBMeIclIbwhQV3NiPrfs7dD32GRfds5ZeM+ZF35RHdTo rOi7840UG487jCaTEE24AuWRKQNth1NnvN06NILOpPiFx4GEnBZJgdeiGRy89eJccZon /Q9itK1+nZIkPyMVbyhR+qBJHtpOkquOMrd3WcHVf9vSgMbtkDNSPs6c+G5hSN3eR9Ly aAZ60GeeuA31suTaQV1ZoksLZR2xyP9CkENO9/t96Wm+1Pe2MCEHLLDE5RZQw50fnZbC BE5g== X-Gm-Message-State: AOUpUlFNC34DAS5i00S7FoGwC6d46hQtTRwUxLDda/r6f3FkHyKK9y4f X30ZL495L/cVDhpaSlpmc3A/Na4l9uZi6QZoS1cVIUZ/b0+jtw== X-Google-Smtp-Source: AAOMgpc9ZJg6od+iYw3ZjC16/8saLUQX/3ntfg+8t67geCKAlcYFBeAFtgYOBRnRh9Qp2eKJ6lRwvBdP95ucG11vvZM= X-Received: by 2002:a24:cc07:: with SMTP id x7-v6mr7776090itf.3.1533331675958; Fri, 03 Aug 2018 14:27:55 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a02:7781:0:0:0:0:0 with HTTP; Fri, 3 Aug 2018 14:27:15 -0700 (PDT) In-Reply-To: <1409764431.113.1533291426014@localhost> References: <CAD2Ti28J1UTKkLETgj0vJerHBX3SKOgpAOp6UkrhOR76TGpT+g@mail.gmail.com> <34cb48da-1f15-1610-966d-1e30314f7665@freebsd.org> <CAD2Ti2--zdv4e_QvSfHL1prDAnGZyTvNYMzzgA_V+3LN6_RTEQ@mail.gmail.com> <1409764431.113.1533291426014@localhost> From: grarpamp <grarpamp@gmail.com> Date: Fri, 3 Aug 2018 17:27:15 -0400 Message-ID: <CAD2Ti2-9Ux2eqOYgefhwvmjXd+vyKrX1t6HZtq+HFVw1JbQ4QA@mail.gmail.com> Subject: Re: Archives of last quarterly package builds? To: freebsd-ports@freebsd.org Cc: freebsd-pkg@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Binary package management and package tools discussion <freebsd-pkg.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pkg>, <mailto:freebsd-pkg-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pkg/>; List-Post: <mailto:freebsd-pkg@freebsd.org> List-Help: <mailto:freebsd-pkg-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pkg>, <mailto:freebsd-pkg-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 03 Aug 2018 21:27:57 -0000 > And many 10s of GB which we would be forcing all the mirrors to carry > (and remember, *N archs *n OSVERSIONS). > This has been cited as a stopper in the past. There's enough slack to pull down at least one new quarter, how deep that slack goes hasn't been chimed in on but this was copied out to hubs@. However on the plus side, one could easily imagine a program where mirrors could receive HW / donations from the foundation... 4TiB is only $100. They're static reference copies, already transferred, and only maintained for a year or so, so usage, thus bandwidth should be low. For the previous quarters, squelching the web index in dir '/All' exposing them only to pkg from pkg metadata, and to rsync module... is further possible. And the last final pkg build "pkg /latest" for each major version num "... 8 9 10 11 12 13 ..." should probably also be kept on archive rsync server for years like the iso's and distfiles. > Keeping archives also means keeping packages with security vulnerabilities. > Why would somebody put that on the internet? Why would FreeBSD or any other OS put all their old vulnerable release ISO's, and keep old vulnerable commits in their repos, on the internet. Lots of reasons, many noted in this thread.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1409764431.113.1533291426014>