On Sunday 14 May 2006 06:08, fbsd wrote:
> fbsd wrote:
> > The fact is the maintainer is already being trusted to
> > manage the port so I see no reason NOT to trust him to
> > create the matching package.
>
> Because they don't. The port maintainer is trusted to maintain the
> port ... and then a bunch of people are trusted to audit the ports
> before the update is allowed in to the ports tree.
>
> Or at least, that's how I thought it worked.

If a maintainer tries to put a backdoor or malicious code in a port it's
next to impossible to hide it in the source code. How would you propose
doing that with a binary? Having the portmanager test every binary that
is submitted would slow down the package builds even more.

> ********* so working within that same procedure the maintainer
> passes the packages to the audit people and they pass it on.
> No problem with this at all.
>
> > Even the need of the secure massive package build process is
> > now questionable.
> > The resources and time needed for performing the
> > secure massive package build must impact the release timeline of
> > new FreeBSD releases. Doing away with it may streamline many
> > other different internal release processes.

The packages are built on a continual basis. The main reason for this is
to make sure they build on all systems. Having a package to install is
secondary. There is plenty of time after a code freeze for a package run.

> The personalised dynamic ports tree is by far the best suggestion so
> far. A 'most commonly used' ports tree is a daft idea, IMHO, and I
> fully expect myself to be one of those people who uses quite a few
> ports that would never make it on to that list. And it's not like I
> do a lot of weird stuff, either. I just think that with the number of
> fbsd users on this planet, coupled with the number of ports in the
> tree ... well, there's going to be an awful lot of minorities.
>
> **** the port make method will still be there for all ports with
> limited usage history, it will just not have a package for it
> because it has limited usage.
>
> Also, I think the idea of having a central database to monitor which
> ports are used has privacy issues, which will require every port to
> have a privacy disclaimer and an opt-out option. So much for
> streamlining.
>
> ******** There are no privacy issues. Passing cookies is normal and
> done as a matter of fact by most commercial websites and any website
> that uses php session control makes cookies by default.
> This is a no-issue issue.

Beech

-- 
---------------------------------------------------------------------------
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/"\   ASCII Ribbon Campaign  | Alaska Paradise
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
---------------------------------------------------------------------------