[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "porting" applications that compile cleanly...



James R. Johnson <johnsojr_(_at_)_umn_(_dot_)_edu> wrote:

> 	What is the general policy about making "ports" for applications that 
> complie cleanly?

Make a port.

- If there's a port, there can also be a package for those who
  prefer this.
- Ports/packages are subject to package management.  Think
  pkg_delete(1).
- If something is in the ports tree, people will know that it is
  available on OpenBSD.  They will hardly search mailing list
  archives for ephemeral announcements, that something used to
  compile somehow for somebody.
- More or less regularly, the complete ports tree is build on
  several architectures to provide package snapshots.  Consider it
  a free test that the port still builds, and on several platforms.

> though this is technically not a port,

Technically, it's a port if it has a ports skeleton.  Even if there
are no patches.  Different meaning of "port".  (Yes, the word is
absurdly overloaded.)

>       My personal feelings on this are "Yes let's make as many
> 'ports' as possible for OpenBSD so that others can just type make
> && make build and be done with it!"

Yes, but not at any cost.  Ports should be quality work and they
need to be _maintained_.  The upstream release changes.  Even if it
doesn't, OpenBSD changes.  The ports infrastructure changes.  The Red
Queen Principle applies.

> Is there anyway of indicating the amount of scrutiny that went
> into ported software?

pkg/SECURITY

> Or is it just "buyer beware"....

Yes.  The ports collection isn't audited.

-- 
Christian "naddy" Weisgerber                          naddy_(_at_)_mips_(_dot_)_inka_(_dot_)_de