On Wed, Apr 25, 2001 at 04:48:27PM +0200, Karsten W. Rohrbach wrote:
> Kris Kennaway([EMAIL PROTECTED])@2001.04.24 12:27:58 +0000:
> > This is another reason why having a third-party modifying the advisory
> > to mark it up into XML is a bad idea; you lose the integrity
> > protection from the PGP signature.
> that taken as a solid basis for authenticity and integrity of the
> advisories, how will the to-be-parsed section look like?
>
> -----BEGIN FREEBSD PORT UPGRADE INFO-----
> oldver: bind-8.2.2
> newver: bind-8.2.3
> repo: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/bind-8.2.3.pkg
> notes: http://security.freebsd.org/updates/bind-8.2.3/@OSVER@/relnotes.txt
> -----END FREEBSD PORT UPGRADE INFO-----
Versions affected: <bind-8.2.3
or something like it.
> in ports it would also be feasible to create an 'uninstall' target, so
> on could (cd /usr/ports && make update) and (cd /usr/ports/net/bind8 &&
> make upgrade) where upgrade would be standard target (build i think),
> uninstall, reinstall and uninstall would remove the _older_ package, in
> this case 8.2.2. any ideas on how to implement this smoothly and safe?
This is a separate issue - possible, but nontrivial.
> btw, why do the package versions have to be tracked in the directory
> name in /var/db/pkg? couldnt we just create a directory
> /var/db/pkg/PORTNAME (in this case /var/db/pkg/bind8) and put a VERSION
> file in there? automated upgrading would be much easier since we do not
> have to grok the names of the directories of the installed ports (which
> would be a point of unsafeness due to the port numbering/version scheme
> which has /var/db/pkg/pkg-1.0.3 and /var/db/pkg/pkg2-2.0.9 which are the
> same package but different major versions and we do not want to kill
> pkg1 when we upgrade pkg2, so filename parsing really gets a little
> complicated here...)
This is also a separate issue to the advisory parsing one. I suggest
you search the -ports archive where it's come up before. In general
we should be talking about this stuff over there anyway.
Kris
PGP signature
