, "Frederick Bruckman <fb@enteract.com>
From: Martin Husemann <martin@rumolt.teuto.de>
List: tech-pkg
Date: 01/09/2000 11:00:30
> We could add (very!) brief note to the COMMENT?
Couldn't we create global /etc/mk.conf settings like the following?
ONLY_PKGS_RUNABLE_ON_THIS_HOST="NO" # default: "YES"
NO_BINARY_DISTRIBUTION_FROM_PKGSRC="YES" # default: "NO"
The first could toggle the detailed architectural tests (like needed
emulations and COMPAT_ options), the second would disable all packages that
are not the usual "fetch the source and build from that" type (i.e. would
block Netscape, rar and some others, that are realy binary packages in
pkgsrc-disguise).
This way bulk builds wouldn't suffer. I find this a subjective security win.
It asserts me I have source available for everything I run.
BTW: I think neither test would affect anything bulk-buildable. In the
Netscape or rar case there is nothing to build (only redistribute) and in
all build-from-source cases it's hard to imagine something building
explicitly on a current system that needs some old compat option. But of
course someone might come up with a strange pkg depending on linux-devel
pkgs and compiling a linux binary natively on NetBSD-current ;-)
Martin