Re: Why to use packages?

2013-03-18 Thread Kevin Chadwick
 The only
 halfway sane reason I can think of not to use packages but ports

Hoping not to open commentary on the matter but so people are aware and
perhaps to avoid the next question, there are some security pluses of
using ports (checksums via ssh, landry's testing/beta firefoxes a little
earlier).

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___



Re: Why to use packages?

2013-03-16 Thread James Griffin
[- Sat 16.Mar'13 at 12:36:35 +0400  Alexander Nusov :-]

 Hello,
 I'm trying to get why to use binary packages if they are not updated?
 
 For example, this package confuses me: lighttpd
 
 ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
 lighttpd-1.4.31p0-ldap-mysql.tgz  339 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-ldap.tgz  335 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-mysql.tgz  337 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0.tgz
 
 But now the latest version is 1.4.32 because of vulnerability fix
 November, 21 (One important denial of service (in 1.4.31) fix:
 CVE-2012-5533.)

I've found that packages, as opposed to building ports, work and
function much better as they've been tested to do so and it makes life
much easier. I've got loads of different things installed as packages
and I've had no problem with any of them. I've had no need, except for
the msttcorefonts, to build any port. They are easier to maintain
and update as well and also if you choose to delete them they are easy
to get rid of.

I do use current snapshots and my PKG_PATH is set to the snapshots'
packages which I believe are fairly up-to-date, i.e.
PKG_PATH=ftp://mirror.ox.ac.uk/pub/OpenBSD/snapshots/packages/amd64/ .

I've just looked at the snapshots packages on that mirror and the
version of your package is lighttpd-1.4.32p1.tgz

So by following current, and the current packages you will get the
up-to-date versions.

-- 
James Griffin:  jmz at kontrol.kode5.net 
jmzgriffin at gmail.com

A4B9 E875 A18C 6E11 F46D  B788 BEE6 1251 1D31 DC38
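
The comparison made by eye in this message (package file names on a mirror against the upstream release carrying the fix), as an added example that is not part of the thread. The function names, the verdict labels and the simplified `stem-version[pN][-flavor...].tgz` parsing are assumptions of this sketch; the file names and the 1.4.32 fix version are the ones quoted in the thread.

```shell
# Added example, not from the thread. Naming assumption:
# stem-version[pN][-flavor...].tgz with a purely numeric upstream version.
FIXED=1.4.32    # release carrying the CVE-2012-5533 fix, per the thread

# ver_lt A B: succeed if dotted numeric version A is older than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1    # equal versions
}

# check_listing STEM FIXED: read file names on stdin, print one verdict per
# package of STEM. "OLD" compares upstream versions only; a pN revision bump
# can carry a backported patch, so confirm against the port's history.
check_listing() {
    while read -r file; do
        name=${file%.tgz}
        parsed=$(printf '%s\n' "$name" |
            sed -E 's/^(.*)-([0-9][^-]*)(-.*)?$/\1 \2/')
        stem=${parsed% *}; ver=${parsed##* }
        [ "$stem" = "$1" ] || continue
        up=${ver%p[0-9]*}    # drop the package revision suffix (pN)
        case $up in
            ''|*[!0-9.]*) echo "unknown $file" ;;
            *) if ver_lt "$up" "$2"; then echo "OLD $file"
               else echo "ok $file"; fi ;;
        esac
    done
    return 0
}

# Constructed input: the file names quoted in the thread.
sample_listing() {
    cat <<'EOF'
lighttpd-1.4.31p0-ldap-mysql.tgz
lighttpd-1.4.31p0-ldap.tgz
lighttpd-1.4.31p0-mysql.tgz
lighttpd-1.4.31p0.tgz
lighttpd-1.4.32p1.tgz
EOF
}

sample_listing | check_listing lighttpd "$FIXED"
```

Versions with non-numeric parts (release candidates, betas) are reported as `unknown` rather than guessed at.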



Re: Why to use packages?

2013-03-16 Thread Eric Furman
Who do you trust?
OBSD and the maintainer of that package or the 
lighttpd upstream maintainers?
I'm sure it is being looked at.
Please use another OS that is more dedicated to security
if this overly concerns you.

On Sat, Mar 16, 2013, at 04:36 AM, Alexander Nusov wrote:
 Hello,
 I'm trying to get why to use binary packages if they are not updated?
 
 For example, this package confuses me: lighttpd
 
 ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
 lighttpd-1.4.31p0-ldap-mysql.tgz  339 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-ldap.tgz  335 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-mysql.tgz  337 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0.tgz
 
 But now the latest version is 1.4.32 because of vulnerability fix
 November, 21 (One important denial of service (in 1.4.31) fix:
 CVE-2012-5533.)



Re: Why to use packages?

2013-03-16 Thread Patrick Lamaiziere
On Sat, 16 Mar 2013 12:36:35 +0400,
Alexander Nusov alexander.nu...@gmail.com wrote:

Hello,

 I'm trying to get why to use binary packages if they are not updated?

I don't see any reason to use packages too (IMHO).

 For example, this package confuses me: lighttpd
 
 ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
 lighttpd-1.4.31p0-ldap-mysql.tgz  339 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-ldap.tgz  335 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-mysql.tgz  337 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0.tgz

It was updated in the stable port tree (but there are no packages
available). You can build your own packages from it and deploy them.

Regards.



Re: Why to use packages?

2013-03-16 Thread Alexander Nusov
Got it, thanks!
As far as I understood one reason to use packages is bootstrapping? So
install packages first then update all needed software from ports?

On Sat, Mar 16, 2013 at 3:55 PM, Patrick Lamaiziere
patf...@davenulle.org wrote:
 On Sat, 16 Mar 2013 12:36:35 +0400,
 Alexander Nusov alexander.nu...@gmail.com wrote:

 Hello,

 I'm trying to get why to use binary packages if they are not updated?

 I don't see any reason to use packages too (IMHO).

 For example, this package confuses me: lighttpd

 ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
 lighttpd-1.4.31p0-ldap-mysql.tgz  339 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-ldap.tgz  335 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0-mysql.tgz  337 kB  31.07.12 0:00:00
 lighttpd-1.4.31p0.tgz

 It was updated in the stable port tree (but there are no packages
 available). You can build your own packages from it and deploy them.

 Regards.



Re: Why to use packages?

2013-03-16 Thread Kenneth R Westerback
On Sat, Mar 16, 2013 at 03:59:59PM +0400, Alexander Nusov wrote:
 Got it, thanks!
 As far as I understood one reason to use packages is bootstrapping? So
 install packages first then update all needed software from ports?

a) Packages are built on correct versions of software. So 5.2 packages
work on 5.2. *MANY* people incorrectly try to build -current ports
on -stable or -release. This does not work. And if using ports was
recommended there would be even more such carping.

b) Building from ports means building a *LOT* of build dependencies.
Like extra compilers. These are not needed when you just install
packages. e.g.  just building my normal set of packages (because I
always have experimental system and X diffs to test on top of
-current) takes 12 hours on an 8xi7 8GB amd64.

c) Building from ports means the developers do not know what you
did, what your environment looked like, etc. So bug reports are
much harder to deal with.

If you want to run the latest versions of 3rd party software you
must keep your systems at -current and either use the latest built
packages or keep rebuilding your ports.

 Ken

 
 On Sat, Mar 16, 2013 at 3:55 PM, Patrick Lamaiziere
 patf...@davenulle.org wrote:
  On Sat, 16 Mar 2013 12:36:35 +0400,
  Alexander Nusov alexander.nu...@gmail.com wrote:
 
  Hello,
 
  I'm trying to get why to use binary packages if they are not updated?
 
  I don't see any reason to use packages too (IMHO).
 
  For example, this package confuses me: lighttpd
 
  ftp://ftp.openbsd.org/pub/OpenBSD/5.2/packages/amd64/
  lighttpd-1.4.31p0-ldap-mysql.tgz  339 kB  31.07.12 0:00:00
  lighttpd-1.4.31p0-ldap.tgz  335 kB  31.07.12 0:00:00
  lighttpd-1.4.31p0-mysql.tgz  337 kB  31.07.12 0:00:00
  lighttpd-1.4.31p0.tgz
 
  It was updated in the stable port tree (but there are no packages
  available). You can build your own packages from it and deploy them.
 
  Regards.



Re: Why to use packages?

2013-03-16 Thread Gregor Best
On Sat, Mar 16, 2013 at 03:59:59PM +0400, Alexander Nusov wrote:
 Got it, thanks!
 As far as I understood one reason to use packages is bootstrapping? So
 install packages first then update all needed software from ports?
 [...]

Since packages are built from ports, that effort is nil. The only
halfway sane reason I can think of not to use packages but ports is
being too lazy to upgrade from an old -CURRENT snapshot to a newer one.
For the security-conscious, that should not be an issue, because you are
always running -CURRENT or -STABLE anyway.

-- 
Gregor Best