DragonFly kernel List (threaded) for 2006-02
Re: pkgsrc packaging of base?
> It makes it work well right up until gzip or some other program ends
> up with a security hole, and then you have to either manually patch it
> (having no way to verify later if it was patched other than 'md5') or
> upgrade the entire OS to -STABLE. Most modern OSs don't require that
> much work for simple fixes. It'd be great if DragonFly followed suit.
> Some things are going to be harder to manage, like the aforementioned
> sysctl's, ioctl's, procfs, but if we just accept that some things
> (libraries, etc) have to be kept in sync with the kernel package, then
> I think we'll be OK.
> Without packaging up the base system, updating a small amount of
> servers (100 or so) becomes a very difficult task -- speaking from
> personal experience and frustrating with the FreeBSD 'monolithic'
> version system.
Ironically you completely missed my point*. :o)
Actually I agree so much as that your goes with the proviso
that "making everything a package" does not mean "abandoning
careful library versioning, avoiding library version bumps
when possible, and mandating library version bumps when
At least that's my position until another way of handling
versioning hell (like that VFS overlay business) comes to
* My whole ramble about not making a disciplined
contribution to the discussion was about mentioning an
orthogonal issue :o) in a conversation that could be
likely to ignite passions.