Date: Thu, 06 Sep 2012 06:30:34 -0700 From: Cy Schubert <Cy.Schubert@komquats.com> To: Chris Rees <utisoft@gmail.com> Cc: Harlan Stenn <stenn@ntp.org>, FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: Automatic Port Message-ID: <201209061330.q86DUYbM009694@slippy.cwsent.com> In-Reply-To: Message from Chris Rees <utisoft@gmail.com> of "Thu, 06 Sep 2012 07:07:57 BST." <CADLo83-7i2cP%2BrKdz6Z-kw1asHmfLqJk%2BhOiZg9fm0V8xqYwdA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <CADLo83-7i2cP+rKdz6Z-kw1asHmfLqJk+hOiZg9fm0V8xqYwdA@mail.gmail.c om> , Chris Rees writes: > --000e0cdfc7bc127afc04c9025077 > Content-Type: text/plain; charset=ISO-8859-1 > > On 6 Sep 2012 05:57, "Cy Schubert" <Cy.Schubert@komquats.com> wrote: > > > > Hi all, > > > > I'm considering a -devel port which checks out from our upline's VCS repo, > > also generating a dynamic plist. I'm sure this is possible. Are there any > > examples of this? > > It's possible, but you can't then do distinfo checks. > > I don't think it's a good idea for this reason. The distinfo checks are there to verify the integrity of the tarball. Should a VCS become compromised any resulting tarball created by an upline would also be compromised and our distinfo would ensure the integrity of compromised source. In the case of a tarball which is rolled multiple times a week, e.g. ntp-devel, or daily, e.g. fwbuilder's devel branch, it would become a daily chore to maintain the latest devel package, in which case one would need to roll an updated port once every couple of weeks, kind of like a snapshot approach. I think I've seen only one port over the years use a VCS (CVS) to check out its source files. -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209061330.q86DUYbM009694>