Date: Fri, 29 Sep 2023 17:58:11 -0700 From: Dan Mahoney <freebsd@gushi.org> To: Roger Marquis <marquis@roble.com> Cc: Mark Millard <marklmi@yahoo.com>, FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: dns/bind916 builds rust unexpectedly Message-ID: <6096FAFA-A5C7-4F0F-80A4-74C7A82AD6CF@gushi.org> In-Reply-To: <8834n7o7-pns7-5r31-oo33-rr52q2n01s64@mx.roble.com> References: <CE1C612B-04B9-40E8-B104-A9B1D36A01AB.ref@yahoo.com> <CE1C612B-04B9-40E8-B104-A9B1D36A01AB@yahoo.com> <8834n7o7-pns7-5r31-oo33-rr52q2n01s64@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sep 25, 2023, at 18:23, Roger Marquis <marquis@roble.com> wrote: >=20 > On Mon, 25 Sep 2023, Mark Millard wrote: >> ... it takes so long to build (and distribute) the 30,000+ >> packages (or any large incremental subset or subset that >> involves huge builds) that a fair number ports have had >> updates before the distribution completes and starts being >=20 > Even just getting the ports tree updated can take days (or more) even > after vulnerabilities are patched. Let's assume for most systems, you're dealing with a quarterly ports = tree, and thus a quarterly pkg tree. If you're using a -current ports = tree, all bets are off, but portsnap (in base) should qualify you for = this. > Take bind9 for example. We use Poudriere for most updates but not = bind9 > as it often should be patched as soon as updates are are available. = If > you wait for gitup or Poudriere to pull a new Makefile, even with > nothing more than a new version string, it can take days (2 or 3 days > for the most recent patch). It's not an issue here as we a) edit the > Makefile to specify the current version, b) make makesum, c) make sure > the build does not use python (by manually editing the port's options > file, d) make package and e) pkg install (or update), which takes > maybe 10 minutes. This was my precise reason for setting up poudriere to keep building a = constant set of quarterly builds -- even if we don't use them at all. = By default, we stick with the base packages, but we want to be able to = mode-switch over, in the event we have a critical patch we need to = apply. -Dan > It sounds like what we really need om this case is just a way to > maintain options keys and values that are not specified in the = Makefile. > Of course that won't work for all bloated packages but it would help. >=20 > Roger Marquis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6096FAFA-A5C7-4F0F-80A4-74C7A82AD6CF>