From: Matthias Andree
Date: Tue, 30 Mar 2010 13:55:01 +0200
To: freebsd-ports@freebsd.org
Subject: Re: "stable" ports?
Message-ID: <4BB1E695.2020104@gmx.de>
In-Reply-To: <7d6fde3d1003300018gf395446g703cd287c6265a76@mail.gmail.com>

On 30.03.2010 09:18, Garrett Cooper wrote:

> There is one important note to make:
>
> Many times you're forced to upgrade packages because of ABI breakages,
> etc. What would happen if there was a CVE assigned for PNG tomorrow
> (like there was for JPEG a year and change ago) where mass changes
> were required of 1k ports -- you could either have to bump the
> versions or patch _every_ single port like Dirk has been doing for the
> past week and a half (and is still doing... also with other folks'
> help thankfully -- poor guy).

Well, a security fix usually does not mean you're breaking ABI. The ABI break would be caused by a design flaw in the application that cannot be fixed any other way, or by lack of backports of the fix to the old ABI version, so you're forced to use the new ABI.

To complicate matters, using "stable" versions is exactly the trigger for the latter situation: your using an older than the latest version is what creates the need for backporting the fix to the "stable" API.

> Furthermore, people could check out packages with RELENG_* tags, and
> maintainers could use their best judgment to tag the files appropriate
> to the change being committed?

I don't think this proposal is useful. Technically it would work, but socially it wouldn't. Why? RELENG_* tagging would require that port maintainers oversee the implications for all supported FreeBSD releases, possibly run tinderboxen to test (and thereabouts) and would likely scare away maintainers. Not exactly what we need.

> Also, another idea that was briefly underscored that I (and other
> folks more importantly) like is that release branches should only be
> updated for security releases. I admit, this is a pain in the rear
> with large / sweeping commits (JPEG/PNG anyone :/?), but at least it
> would ensure that stability is largely maintained.

Basically you'd try to hold off on the "large/sweeping commits" for those branches and backport.

How about if we create a new port if the ABI or API change in incompatible ways? As in: jpeg.(N-1) is kept around for compatibility with ports that don't support jpeg.N (either ABI or API wise) and slowly phased out later. This takes care of the libraries. Open issue: how to handle includes.

This approach (remotely) resembles what the (regexp) database/db[34]. ports are doing, with some magic in Mk/bsd.database.mk to allow for picking the incurred DB version semi-automatically.

-- 
Matthias Andree