Date: Fri, 10 Apr 2009 15:25:13 +0100 From: Chris Whitehouse <cwhiteh@onetel.com> To: Bob Johnson <fbsdlists@gmail.com> Cc: Jonathan McKeown <j.mckeown@ru.ac.za>, freebsd-questions@freebsd.org Subject: Re: new package system proposal Message-ID: <49DF56C9.4080302@onetel.com> In-Reply-To: <54db43990904081224l7c006143icac411c482401620@mail.gmail.com> References: <49D76B02.4060201@onetel.com> <54db43990904071435h5dc1e854p2e9892ac666aea35@mail.gmail.com> <200904080859.41807.j.mckeown@ru.ac.za> <54db43990904081224l7c006143icac411c482401620@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bob Johnson wrote: > On 4/8/09, Jonathan McKeown <j.mckeown@ru.ac.za> wrote: >> On Tuesday 07 April 2009 23:35:03 Bob Johnson wrote: >>> On 4/4/09, Chris Whitehouse <cwhiteh@onetel.com> wrote: >> The drawback I can see is the disk space required to keep several >> generations >> of packages online - if the package-port bundle is rebuilt every three >> weeks, >> let's say, and you want to keep 6 months' worth of packages online, you need >> to keep 9 complete versions available. Is there a quick way to find out how big are the tarballs without downloading them all or adding them up one by one? My distfiles directory is 1.2gb. I guess you could allow 5gb for each cycle, that's only 45gb for 6 months. If that is realistic a 500gb hard disk would store 5 years worth. Would anyone want a five year old package? >> > > I think a bigger drawback is the security issue. As soon as any > package in the collection has a significant announced security flaw, > you are faced with the choice of withdrawing the entire collection, > withdrawing only that package, or leaving the flawed package out there > for people to use because it is more convenient for them. Yes this might be an issue> How often are there serious security issues with desktop type ports? > > PC-BSD seems to already keep up-to-date binary packages of their > applications. Do they accomplish that by only offering a small subset > of the full ports collection? > A big difference with PBI's is that each PBI is self contained "with all the files and libraries necessary for the installed program to function" (quote from the website). Upside is that it is very easy to install and avoids dependency problems. Downside is that it requires more bandwidth to download and more disk space. I did wonder if it would make sense to just use the PBI system. The number of packages depends to some extent on individuals volunteering to make and maintain them - true FreeBSD style. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49DF56C9.4080302>