Date: Tue, 31 Jan 2012 10:42:09 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Unable to upgrade packages on FreeBSD Message-ID: <4F27C581.9000309@infracaninophile.co.uk> In-Reply-To: <4EFDA3B50062AA15@> (added by postmaster@resmaa12.ono.com) References: <CAGy-%2Bi-6GLfoUuhUExjnVEKhM00TuUimhKuhboLkjBeXNk9hFg@mail.gmail.com> <20120130234545.3db77a79@gumby.homeunix.com> <4EFDA3B50062AA15@> (added by postmaster@resmaa12.ono.com)
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig19954AF1CC72E52C35FBCC57
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 31/01/2012 09:56, Eduardo Morras wrote:
> Making a resume/summary of the thread; more hardware, time and people
> are needed to maintain a package system up-to-date. I have a free serve=
r
> (amd64 freebsd8.2p6), if i built all packages with their standard
> options, that's without make config, Can i upload them to the official
> package ftp? Should i make my own un-official ftp package server to
> allow others download them?
>=20
> Perhaps it's not clear, this answer has ironic mode off, joking mode of=
f
> and i want to collaborate making the standard packages.
While your offer is made with the best of intentions, I doubt the
project would feel able take you up on it. The problem is simply one of
security -- while crowd-sourcing package compilation would be a pretty
sweet technical solution to much of the scaling and resource cost
problems, it offers far too much opportunity for people up-to-no-good to
be able to introduce trojans, spyware and so forth.
Setting up your own package build system and ftp site -- well, there's
nothing preventing you from doing that, but again, it's a trust thing.
Unless people can believe in the provenance of the packages you provide,
it's not going to be sensible for them to download from you. So it's
only people that know you personally, friends, relations, workmates and
people that know and trust people willing to trust you; they would be
the initial audience for your new package building and distribution
thing. Even if you had an enormous social circle all of whom happened
to be avid FreeBSD users, I doubt that would actually provide enough
demand to make the whole venture worthwhile.
The best ways to contribute are (a) to make a donation via the FreeBSD
Foundation and (b) take up maintainership on some ports. As ever in any
project of this type, most of the work goes through smoothly and it's
that minority of problem ports that eat up so much of the time.
Maintained ports have fewer problems.
Some of the more paranoid amongst you may be asking yourselves if, in
the light of what I say above, you really can trust packages from
anywhere other than the official ftp.freebsd.org server. Locations like
(for example) ftp.uk.freebsd.org (which, although blessed as an official
mirror site, is run by a completely different set of people.) The
answer is somewhere on the 'probably -- maybe' continuum. Can you
actually trust the people running the mirror site? (In the case of
ftp.uk.freebsd.org, as of a day or so ago that's the UK mirror service
run by the University of Kent who are clearly of unimpeachable
reputation.) Implementing digital signatures on packages would go a
long way to removing that uncertainty.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
--------------enig19954AF1CC72E52C35FBCC57
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8nxYkACgkQ8Mjk52CukIw6FwCeJecQb9kUmQogpL9sl6xoiuyu
c7QAoI05MRQunYZg9B/W8VpmHt5qm5vz
=Fd48
-----END PGP SIGNATURE-----
--------------enig19954AF1CC72E52C35FBCC57--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F27C581.9000309>