Date: Sun, 25 Feb 2018 17:56:19 -0800 From: Yuri <yuri@rawbw.com> To: freebsd-ports@freebsd.org Subject: Re: poudriere: "Permission denied" in the extract phase? Message-ID: <f29657cf-ec92-3936-4867-9f8b61b7ff47@rawbw.com> In-Reply-To: <nycvar.OFS.7.76.6.1802251254141.2659@z.fncre.vasb> References: <nycvar.OFS.7.76.6.1802250231290.2659@z.fncre.vasb> <nycvar.OFS.7.76.6.1802250252140.2659@z.fncre.vasb> <371FB508-F90E-41E4-8B3D-85F7DA54FFAA@adamw.org> <nycvar.OFS.7.76.6.1802251254141.2659@z.fncre.vasb>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/25/18 05:37, Marcin Cieslak wrote: > Yes, this is my private port that I am using to produce FreeBSD binaries > for node-sass. Getting binary npm modules into our ports tree is another conversation. > > The problem here is that a whole thing worked for me before for months > so I am aware of all those limitations for particular build phases > (it took me long to figure out that). npm is an extremely volatile technology. Some package might work now, and then break in a week due to a dependency package update. It continuously automatically updates files that are downloaded as dependencies. NodeJS is largely incompatible with the FreeBSD ports system because of this volatility. NodeJS is also a very insecure technology. It brings files directly from github without any vetting. So if somebody will update some github package with malware, it is extremely likely that next day this malware will end up on your production servers. There is nobody in between, you have to always trust hundreds of parties. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f29657cf-ec92-3936-4867-9f8b61b7ff47>