Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Oct 2004 17:49:16 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Oliver Eikemeier <eikemeier@fillmore-labs.com>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: Email nagging, was: Re: Ports with version numbers going backwards: graphics/gd,japanese/gd, ukrain...
Message-ID:  <20041013004916.GA82152@xor.obsecurity.org>
In-Reply-To: <D7DCBA58-1CAF-11D9-A5A5-00039312D914@fillmore-labs.com>
References:  <20041013000951.GA81344@xor.obsecurity.org> <D7DCBA58-1CAF-11D9-A5A5-00039312D914@fillmore-labs.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 13, 2004 at 02:35:55AM +0200, Oliver Eikemeier wrote:
> Kris Kennaway wrote:
>=20
> >>Uhm, I wonder why you are fine with hourly `INDEX build failed'
> >>messages, but oppose those addressing PORTVERSION. Any crucial
> >>difference I'm missing?
> >
> >One thing is that most users don't care about a particular port that
> >had a version number go backwards, but lots of people care when they
> >can't build an index.
>=20
> I wonder why...? If the INDEX is so important to so many people, maybe=20
> we should fix it so that it is buildable even when a single port breaks?=
=20
> Not that I don't value the INDEX as a great QA tool, but I wonder why=20
> lots of people need to build their own INDEX.
>=20
> >Indeed, it's hard to even notice the former unless you look for it,
> >but index failures kind of jump out at you and tend to generate lots
> >of support email :)
>=20
> I've seem machines that didn't update bind9 for months after the=20
> portversion went backwards. Hard to notice, but important=20
> nevertheless... The point is that I might notice quickly when the INDEX=
=20
> is broken, but not much harm is done. OTOH port versions going backwards=
=20
> hinder tools like portupgrade to work correctly, and make it impossible=
=20
> to make entries in the vulnerability database.
> Anyway, you should make a decision whether the INDEX is a robust tool or=
=20
> a sensitive QA instrument, but it shouldn't be both.

You're not distinguishing that it's important for the committers to be
told about the version decrement (so they can fix it), but users don't
need to know about it.  OTOH, reporting INDEX failures to users is
important because otherwise someone has to answer all of the support
emails that arise when users notice on their own (because their index
build fails).

And yes, INDEX builds are not particularly robust..patches happily
accepted.

Kris

--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBbHuMWry0BWjoQKURAm83AJwNRKEIpalSwZ3lqFE4Xorh0kVDqQCfa68R
OumPV5Cq+9RS/pkiC9b2Lmk=
=O47Q
-----END PGP SIGNATURE-----

--bg08WKrSYDhXBjb5--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041013004916.GA82152>