Date:      Thu, 15 Nov 2018 16:10:09 +0000
From:      bugzilla-noreply@freebsd.org
To:        pkg@FreeBSD.org
Subject:   [Bug 232350] ports-mgmt/pkg: periodic pkg-checksum and pkg-backup interfere with 'overnight' port builds
Message-ID:  <bug-232350-32340-mtaIqAH1ki@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-232350-32340@https.bugs.freebsd.org/bugzilla/>
References:  <bug-232350-32340@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232350

--- Comment #13 from Ian Lepore <ian@FreeBSD.org> ---
(In reply to Alex Kozlov from comment #12)

> but if e.g. pkg-audit works on stalled pkgdb, there is a possibility that you
> install a vulnerable port and will know about it only after the next periodic run

You seem to have missed the most important point of my comment:  You CANNOT
prevent that from happening with ANY technique or algorithm. If the port
build/install completes before validation begins, it gets validated tonight. 
If validation begins first and locks out the installation of the port while
validation is running, it gets validated tomorrow night.  That's the exact same
situation as validating against a snapshot.

"Use poudriere" may (or often may not) be good advice for any given user and
situation, but IT IS NOT A SOLUTION.

-- 
You are receiving this mail because:
You are the assignee for the bug.
