[Bug 232350] ports-mgmt/pkg: periodic pkg-checksum and pkg-backup interfere with 'overnight' port builds
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Nov 15 16:10:11 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232350
--- Comment #13 from Ian Lepore <ian at FreeBSD.org> ---
(In reply to Alex Kozlov from comment #12)
> but if e.g. pkg-audit works on stalled pkgdb, there is possibility that you
> install vulnerable port and will know about it only after next periodic run
You seem to have missed the most important point of my comment: You CANNOT
prevent that from happening with ANY technique or algorithm. If the port
build/install completes before validation begins, it gets validated tonight.
If validation begins first and locks out the installation of the port while
validation is running, it gets validated tomorrow night. That's the exact same
situation as validating against a snapshot.
"Use poudriere" may (or often may not) be good advice for any given user and
situation, but IT IS NOT A SOLUTION.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-pkg
mailing list