packages with security vulnerabilities

Mark Linimon linimon at lonesome.com
Mon Jan 21 22:04:40 PST 2008


On Mon, Jan 21, 2008 at 03:57:31PM -0800, Doug Barton wrote:
> If I understood the question correctly, I think the OP is asking about 
> the frequency of rebuilding packages with security updates. In which 
> case your answer is still correct, but leads to a new question, which is 
> would it be possible to trigger an update for a port that has a security 
> update sooner?

The package updates are triggered by changes to the INDEX file.  If the
port's metadata changes (which is a near 100% guarantee if it's a security
fix), we would need to kill off the existing build, build a new INDEX, and
then restart the build.  And, of course, do this times 4 for FreeBSD-5/6/7/8,
times 3 for the number of architectures we try to build.  (Given that there
are empty cells in that table, we "only" try to build 10 package sets.)

Writing a package build cluster that keeps a rolling model of the INDEX
metadata as every commit comes in, so it would know what dependencies need
to be rebuilt, is left as an exercise for the reader.

mcl
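
The core of the "rolling model" described above, as an added example that is not part of the original message and is not the FreeBSD build cluster's code: compare two INDEX snapshots and compute which packages need rebuilding after a metadata change. The `origin|version|deps` line format, the function names and the sample entries are assumptions constructed for illustration; the real INDEX file has more fields.

```python
from collections import defaultdict, deque

def parse_index(text):
    """Parse constructed lines of the form: origin|version|dep-origin dep-origin ..."""
    index = {}
    for line in text.strip().splitlines():
        origin, version, deps = line.strip().split("|")
        index[origin] = (version, frozenset(deps.split()))
    return index

def rebuild_set(old, new):
    """Return origins to rebuild: new or changed ports plus all their dependents."""
    # A port is "changed" if it is new or its version/dependency metadata differs.
    changed = {o for o, meta in new.items() if old.get(o) != meta}
    # Invert the dependency edges so we can walk from a port to its dependents.
    rdeps = defaultdict(set)
    for origin, (_, deps) in new.items():
        for dep in deps:
            rdeps[dep].add(origin)
    # Breadth-first walk over reverse dependencies (transitive closure).
    todo, queue = set(changed), deque(changed)
    while queue:
        for dependent in rdeps[queue.popleft()]:
            if dependent not in todo:
                todo.add(dependent)
                queue.append(dependent)
    return todo

# Constructed sample data; versions are placeholders, not real port versions.
OLD_INDEX = """
security/openssl|1.0|
ftp/curl|1.0|security/openssl
devel/git|1.0|ftp/curl
editors/vim|1.0|
"""
# Simulate a security fix committed to one port (revision bump).
NEW_INDEX = OLD_INDEX.replace("security/openssl|1.0|", "security/openssl|1.0_1|")

if __name__ == "__main__":
    old, new = parse_index(OLD_INDEX), parse_index(NEW_INDEX)
    print(sorted(rebuild_set(old, new)))
```

Only the changed port and its transitive dependents are selected, so an unrelated port such as the sample `editors/vim` entry keeps its existing package.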

