Re: /usr/src and /usr/ports not git directories ?
Date: Tue, 21 Jan 2025 22:43:09 UTC
On Tue, 21 Jan 2025 17:11:02 -0500 Brandon Allbery <allbery.b@gmail.com> wrote: > I would offer a data point: the first thing I did was install sudo from a > package. The second thing I did was replace it with a build from the ports > package installed with 14.2-RELEASE… which _downgraded_ it. This seems bad > for any security-impacting port. Do you mean that you install sudo from official "latest" repo, then, `make package` in security/sudo with ports tree provided as ports.txz in installation media? If so, it could be latest/quarterly issue. > > On Tue, Jan 21, 2025 at 4:37 PM Tomek CEDRO <tomek@cedro.info> wrote: > > > On Tue, Jan 21, 2025 at 10:29 PM Warner Losh wrote: > > > (..) > > > I think we should replace the populate /usr/src from a tarball with.... > > populate it > > > with a tarball that represents a 1-deep checkout tree at the rev we > > built the release > > > from. This lets users have the source, has minimal overhead and also > > lets users update > > > or turn the shallow checkout into a deep one, etc. A shallow checkout is > > quite a bit > > > less than a full tree, though still more than just the raw files. I've > > not done poking to > > > see size comparisons. > > > > Still having tarball of src and ports snapshots in the full release > > images is important to have, users could select which one they want to > > use, that seems best solution :-) > > > > -- > > CeDeROM, SQ7MHZ, http://www.tomek.cedro.info > > > > > > -- > brandon s allbery kf8nh > allbery.b@gmail.com -- Tomoaki AOKI <junchoon@dec.sakura.ne.jp>