Date: Wed, 22 May 2002 01:22:40 -0400 From: Brian T.Schellenberger <bts@babbleon.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: kris@obsecurity.org, ports@FreeBSD.ORG, portmgr@FreeBSD.ORG, core@FreeBSD.ORG Subject: Re: My position on commiters guide 10.4.4 Message-ID: <20020522052240.D170EBB29@i8k.babbleon.org> In-Reply-To: <20020522050301.GA93570@nagual.pp.ru> References: <20020522041150.GA92851@nagual.pp.ru> <20020522044853.92549BB29@i8k.babbleon.org> <20020522050301.GA93570@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 22 May 2002 01:03 am, you wrote:
| On Wed, May 22, 2002 at 00:48:52 -0400, Brian T.Schellenberger wrote:
| > Really, ports that change without version number changes are a real pain
| > to deal with, and a new port should be rolled up for them only if there
| > is a very good reason (which the porter understands), which is all this
| > rule seems to be saying.
|
| I want to especially note that when version number IS CHANGED, we exact in
| the same situation, i.e. from security perspective all things from 10.4.4
| must be done, like complete diff, description of all changes, etc. I found
| not logical to enforce that requirement when version number is not changed
| and forget it when it is changed. Do the version number change bring any
| safety? Of course not, hacker can just upload new version with changed
| number.
|
| > So your position of simply not updating the port until the version number
| > does change certainly seems reasonable to me.
| >
| > If there's somebody else who needs your port _so_ bad that he _must_ get
| > it before the version number changes then *he* can do the ports and fill
| > in all the necessary information.
| >
| > Am I missing something here?
|
| You are correct, but I don't think it is perfect solution, it is forced
| soultion. I will be more happy if that illogical rule will be removed.
I don't find the rule so illogical.
Have you considered requesting the the person whose application you port
update the version numbers (at least patch levels) when upgrading their code?
It's just terribly confusing to have multiple different "versions" of the
same package with the same version number.
I think that this rule is probably mean precisely to try to avoid having that
happen at least within the ports system by making it odious to create such a
port so as to limit it to those ports where there really is a good reason to
override the general rule.
For one thing, without all the diffs listed in the doc, how can you even
*tell* which version you have? Normally if you want to to see whether you
have the "latest" version you just look at the version number.
If the version number doesn't change but the contents *do* change, then you
have to actually examine the files to figure out which "version" of the
version you have. If this information is not documented in the port, how are
you supposed to know?
--
Brian T. Schellenberger . . . . . . . bts@wnt.sas.com (work)
Brian, the man from Babble-On . . . . bts@babbleon.org (personal)
http://www.babbleon.org
http://www.eff.org http://www.programming-freedom.org
If you smell the smoke you don't need to be told what you've got to do;
Yet there's a certain breed, so very in-between, they'd rather take a
vote. -- DEVO -- Here To Go
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020522052240.D170EBB29>