Subject: Re: deinstall missing messages and not removing config files
To: None <tech-pkg@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 05/27/2005 12:20:23
On Wed, 25 May 2005, Jeremy C. Reed wrote:

> I am guessing all binary packages that should use this functionality since
> February are broken.

I filed a PR about this. It was assigned and I got some feedback that gave
me a clue.

My problem was on systems that don't have any pkgsrc builds. My pkg_add
tool was way out of date.

We need to figure out a way to say that the pkg_install is too old.

Maybe add to pkg-vulnerabilities? This may be an abuse since not a
"vulnerability", but the problem is that it does not clean up or report
about old configs, old startup scripts, old users/groups, old directories,
and so potentially it could lead to some security issue later.

Or maybe have the meta-data for new packages indicate what PKGTOOLS_REQD
is now needed and have pkg_add (and maybe also pkg_info) actually test
that: "The package foo-1.2.3 to be installed requires package tools of at
least version ${PKGTOOLS_REQD}. Use the -f to force the installation or
upgrade pkg_install package first."

Or both?

What do you all think? How can we encourage upgrades of pkg_install on
binary-package-only systems?

 Jeremy C. Reed

p.s. By the way, pkg_install package can't be packaged easily. The custom
update target does a "make clean" and so then "make package" fails because
needs "make update". I commented out the "make clean". Before I used
FORCE_PKG_REGISTER, but that is not good.