Date: Thu, 15 Nov 2018 16:10:09 +0000 From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: [Bug 232350] ports-mgmt/pkg: periodic pkg-checksum and pkg-backup interfere with 'overnight' port builds Message-ID: <bug-232350-32340-mtaIqAH1ki@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-232350-32340@https.bugs.freebsd.org/bugzilla/> References: <bug-232350-32340@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232350 --- Comment #13 from Ian Lepore <ian@FreeBSD.org> --- (In reply to Alex Kozlov from comment #12) > but if e.g. pkg-audit works on stalled pkgdb, there is possibility that y= ou > install vulnerable port and will know about it only after next periodic r= un You seem to have missed the most important point of my comment: You CANNOT prevent that from happening with ANY technique or algorithm. If the port build/install completes before validation begins, it gets validated tonight= .=20 If validation begins first and locks out the installation of the port while validation is running, it gets validated tomorrow night. That's the exact = same situation as validating against a snapshot. "Use poudriere" may (or often may not) be good advice for any given user and situation, but IT IS NOT A SOLUTION. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-232350-32340-mtaIqAH1ki>