Date: Thu, 11 Jul 2002 01:39:16 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Rahul Siddharthan <rsidd@online.fr> Cc: Alexey Dokuchaev <danfe@regency.nsu.ru>, Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, chat@freebsd.org Subject: Re: Package system wishlist Message-ID: <3D2D4434.F96E2BD3@mindspring.com> References: <20020710210509.GA686@lpt.ens.fr> <3D2CA535.EC11BDA1@mindspring.com> <20020710213619.GA882@lpt.ens.fr> <3D2CBAC4.6AC3CAC9@mindspring.com> <20020710230709.GA1512@lpt.ens.fr> <3D2CC6A9.EB0F7995@mindspring.com> <20020711071255.GA264@lpt.ens.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Rahul Siddharthan wrote: > > No, all I'd have to convince them to do is release fixes for the > > varios packages. I can install a different OpenSSH in my system, > > if OpenSSH is just another component. All I have to care about is > > binary backward compatability, and that's taken care of by the > > dependency tracking. > > (a) You're still bitten by major incompatible changes in OpenSSH which > could screw up your setup (config files etc, as you pointed out). Depends on how you handle configuration data. > (b) What about the C library, the toolkit, the rest of the "base" system? > Would you like those to be packages too? Yes. > In that case, I think gentoo linux's "portage" setup is just for you. > The entire system is a collection of "ports" (or, to use their > terminology, "ebuilds"), plus the kernel. I like it, but it's clear > to me that I wouldn't trust such a thing on a server. It's for people > who like the "bleeding edge" and such a terminology as "gentoo 1.2 + > bugfixes" has no meaning: each component is upgraded separately to the > point where it becomes gentoo 1.3, etc. I'm not talking about building, and I'm not talking about mismatching binaries, except as required for security/bug fixes (I'd rather have a mismatched OpenSSH than a broken OpenSSH). > Either you have nondisruptive bugfixes, or you have potentially > disruptive upgrades. For an Indian guy, you certainly have that Aristotilian mean of "IF A THEN NOT B" down for dividing the world into "all A or all B". ;^). > You can't have guaranteed-nondisruptive upgrades. Why not? You're forbidding it? Forgive me if I "disobey" you... 8-). > And nondisruptive bugfixes are typically not supplied for > outdated packages, so eventually you have to upgrade. In your > example, you're at the mercy of not only the FreeBSD team but also the > OpenSSH team. As of now, at least, we only depend on the FreeBSD > team. A bugfix for an "outdated package" is a "non-outdated package", not "A new version of the outdated package". We're already "at the mercy" of the third party software suppliers, as the recent OpenSSH vulnerability demonstrates. Just because something is a package doesn't remove it from the FreeBSD source tree, or maintenance by the FreeBSD team. Things don't have to live in binary floppy-sized lumps for them to be under CVS control in the FreeBSD CVS tree. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D2D4434.F96E2BD3>