Date: Wed, 20 Jan 2016 03:14:32 +0000 From: =?ISO-8859-1?Q?Lu=EDs?= Fernando Schultz Xavier da Silveira <schultz@ime.usp.br> To: kpneal@pobox.com Cc: Polytropon <freebsd@edvax.de>, freebsd-questions@freebsd.org Subject: Re: Unexpected dependencies of graphics/libGL Message-ID: <20160120031432.cd8793f3626c07fc803ee308@ime.usp.br> In-Reply-To: <20160119141257.GA64358@neutralgood.org> References: <20160117031923.ce1f36547351bf07b6fff9a0@ime.usp.br> <20160117070715.1c33732b.freebsd@edvax.de> <20160117162018.964db3b1f2f2133242773e78@ime.usp.br> <20160117220247.69e6774f.freebsd@edvax.de> <20160118161235.GA92637@neutralgood.org> <20160119050806.cd08ca0687e76a4b09a701e3@ime.usp.br> <20160119062345.5402e98b.freebsd@edvax.de> <20160119063438.ca57c8a3bd8ba6781a58b040@ime.usp.br> <20160119141257.GA64358@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, In a nutshell, the point is that the build dependencies should not be there at all. Keeping them in a jail is not a proper solution because they can still influence the host system (since the packages resulting from computations done in the jail will be installed in the host). On Tue, 19 Jan 2016 09:12:57 -0500 kpneal@pobox.com wrote: > On Tue, Jan 19, 2016 at 06:34:38AM +0000, Lu=EDs Fernando Schultz Xavier = da Silveira wrote: > > Hello, > >=20 > > > But this is not different from how ports are being built in > > > the regular ports tree: Compilation tools could be compromized > > > or package content could be affected. The typical "make install" > > > will generate a package which is then installed via pkg. > >=20 > > Indeed, it is not different, and that is my point. >=20 > Huh? When did this turn into a discussion about security? >=20 > You can do a small amount of work and have security concerns or you can > do much more work and have the exact same security concerns. I really don= 't > see how this reflects badly on Poudriere. >=20 > I thought this was a discussion about how to avoid having build dependenc= ies > installed when all you wanted was the run-time dependencies. Poudriere > handles this nicely without all that mucking about with locking packages, > keeping your ports tree in sync with the one checked out at freebsd.org, > etc. >=20 > --=20 > Kevin P. Neal http://www.pobox.com/~kpn/ >=20 > "I like being on The Daily Show." - Kermit the Frog, Feb 13 2001 >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160120031432.cd8793f3626c07fc803ee308>