Date: Tue, 21 Jan 2025 17:11:02 -0500 From: Brandon Allbery <allbery.b@gmail.com> To: Tomek CEDRO <tomek@cedro.info> Cc: Warner Losh <imp@bsdimp.com>, bob prohaska <fbsd@www.zefox.net>, Sulev-Madis Silber <freebsd-current-freebsd-org111@ketas.si.pri.ee>, freebsd-current@freebsd.org Subject: Re: /usr/src and /usr/ports not git directories ? Message-ID: <CAKFCL4XCijAsNJJw%2Bx_K%2B0M5VAebXLLWKoT%2BECT6J4wwVFNfCQ@mail.gmail.com> In-Reply-To: <CAFYkXjk7PPHNiTJftGo980DABOO0t-rK9t%2BoPnLY-5n%2B1qjEAg@mail.gmail.com> References: <Z4vk3009iSwuzG4K@www.zefox.net> <Z4__B0EQM-ce0qPE@cell.glebi.us> <C509F94C-2AC2-414F-90C0-355C69869D72@ketas.si.pri.ee> <Z5AQ1GcwX_MZw69G@www.zefox.net> <CANCZdfoHUsZusqMg_gWN5mB9P3xByGv_GfELi9Dd63CHto1igw@mail.gmail.com> <CAFYkXjk7PPHNiTJftGo980DABOO0t-rK9t%2BoPnLY-5n%2B1qjEAg@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] I would offer a data point: the first thing I did was install sudo from a package. The second thing I did was replace it with a build from the ports package installed with 14.2-RELEASE… which _downgraded_ it. This seems bad for any security-impacting port. On Tue, Jan 21, 2025 at 4:37 PM Tomek CEDRO <tomek@cedro.info> wrote: > On Tue, Jan 21, 2025 at 10:29 PM Warner Losh wrote: > > (..) > > I think we should replace the populate /usr/src from a tarball with.... > populate it > > with a tarball that represents a 1-deep checkout tree at the rev we > built the release > > from. This lets users have the source, has minimal overhead and also > lets users update > > or turn the shallow checkout into a deep one, etc. A shallow checkout is > quite a bit > > less than a full tree, though still more than just the raw files. I've > not done poking to > > see size comparisons. > > Still having tarball of src and ports snapshots in the full release > images is important to have, users could select which one they want to > use, that seems best solution :-) > > -- > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info > > -- brandon s allbery kf8nh allbery.b@gmail.com [-- Attachment #2 --] <div dir="ltr">I would offer a data point: the first thing I did was install sudo from a package. The second thing I did was replace it with a build from the ports package installed with 14.2-RELEASE… which _downgraded_ it. This seems bad for any security-impacting port.</div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Jan 21, 2025 at 4:37 PM Tomek CEDRO <<a href="mailto:tomek@cedro.info">tomek@cedro.info</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Tue, Jan 21, 2025 at 10:29 PM Warner Losh wrote:<br> > (..)<br> > I think we should replace the populate /usr/src from a tarball with.... populate it<br> > with a tarball that represents a 1-deep checkout tree at the rev we built the release<br> > from. This lets users have the source, has minimal overhead and also lets users update<br> > or turn the shallow checkout into a deep one, etc. A shallow checkout is quite a bit<br> > less than a full tree, though still more than just the raw files. I've not done poking to<br> > see size comparisons.<br> <br> Still having tarball of src and ports snapshots in the full release<br> images is important to have, users could select which one they want to<br> use, that seems best solution :-)<br> <br> -- <br> CeDeROM, SQ7MHZ, <a href="http://www.tomek.cedro.info" rel="noreferrer" target="_blank">http://www.tomek.cedro.info</a><br>; <br> </blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>brandon s allbery kf8nh</div><div><a href="mailto:allbery.b@gmail.com" target="_blank">allbery.b@gmail.com</a></div></div></div></div></div>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKFCL4XCijAsNJJw%2Bx_K%2B0M5VAebXLLWKoT%2BECT6J4wwVFNfCQ>