In message <[email protected] om> , Chris Rees writes: > --000e0cdfc7bc127afc04c9025077 > Content-Type: text/plain; charset=ISO-8859-1 > > On 6 Sep 2012 05:57, "Cy Schubert" <[email protected]> wrote: > > > > Hi all, > > > > I'm considering a -devel port which checks out from our upline's VCS repo, > > also generating a dynamic plist. I'm sure this is possible. Are there any > > examples of this? > > It's possible, but you can't then do distinfo checks. > > I don't think it's a good idea for this reason.
The distinfo checks are there to verify the integrity of the tarball. Should a VCS become compromised any resulting tarball created by an upline would also be compromised and our distinfo would ensure the integrity of compromised source. In the case of a tarball which is rolled multiple times a week, e.g. ntp-devel, or daily, e.g. fwbuilder's devel branch, it would become a daily chore to maintain the latest devel package, in which case one would need to roll an updated port once every couple of weeks, kind of like a snapshot approach. I think I've seen only one port over the years use a VCS (CVS) to check out its source files. -- Cheers, Cy Schubert <[email protected]> FreeBSD UNIX: <[email protected]> Web: http://www.FreeBSD.org _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
