On Thu, December 18, 2008 2:16 am, Robert Luciani wrote: > The advantage of using a vkernel (or at least keeping your chroot around > for a long while) is that it allows you to keep rebuilding packages > that were tagged with vulnerabilities, from the same environment, for > the entire lifespan of the package set. Otherwise, security > updates render a stable package set obsolete very quickly. This was > also why I mentioned pkg_chk and that it needs to be fixed. Because > now, updating packages is so arduous that people just leave firefox-3 > as an old version even though it might have multiple security problems.
I'd say stick with a chroot; it'll accomplish the same thing without the overhead. I suppose trying and timing both strategies with the same pkgsrc release would provide an interesting benchmark on just how much overhead the virtualized kernel introduces... > I think the versioning of the /All redirection is a fine idea if anyone > wants to implement it but since pkg_radd uses PKG_PATH we don't > really _need_ to change anything in the mirroring scripts except > maybe agree on an "official" directory layout. So a person wanting to > use the current packages can just manually set PKG_PATH to > packages/current. I was thinking we could default to whatever the current installed version of DragonFly happened to be, and then people who wanted current (or something else) could manually set it.
