Hi! 2008/12/18 Justin C. Sherrill <[email protected]>: > On Thu, December 18, 2008 2:16 am, Robert Luciani wrote: > >> The advantage of using a vkernel (or at least keeping your chroot around >> for a long while) is that it allows you to keep rebuilding packages >> that were tagged with vulnerabilities, from the same environment, for >> the entire lifespan of the package set. Otherwise, security >> updates render a stable package set obsolete very quickly. This was >> also why I mentioned pkg_chk and that it needs to be fixed. Because >> now, updating packages is so arduous that people just leave firefox-3 >> as an old version even though it might have multiple security problems. > > I'd say stick with a chroot; it'll accomplish the same thing without the > overhead. I suppose trying and timing both strategies with the same > pkgsrc release would provide an interesting benchmark on just how much > overhead the virtualized kernel introduces...
/me wishes DFBSD has cluster support already. I'd be glad to share some CPU cycles for package building. :) Having a packed vkernel environment will let me to easily install a little cluster block with limited access to other system stuff. PS. Yes, I can imagine the amount of work to be done to achieve that goal. Treat this as a dreaming-rumbling-mumbling aloud. :) -- Dennis Melentyev
