stable vs. unstable ports?

Joshua Root jmr at macports.org
Mon Mar 23 06:16:43 PDT 2009 

Ryan Schmidt wrote:
> 
> On Mar 23, 2009, at 01:06, Darren Weber wrote:
> 
>> I like the idea of an opt-in Xgrid system, whereby users could opt-in
>> to install an Xgrid client that provides a macports build system,
>> binary distributions, and meta-ports monitor.  Of course, some folks
>> might interpret it as too much big-brother, but really it's just so
>> common now to have integrated network clusters with two-way traffic. 
>> The opt-in and security settings on the facility may need integrity
>> checking (code review - so specific commit rights and few maintainers
>> with security access) and community monitoring to ensure security. 
>> Just about every major desktop system around has some kind of
>> automated process monitoring and opt-in bug reporting (windows, mac
>> OSX, gnome, etc.).  I guess that Xgrid provides a nice platform for a
>> distributed build system.
> 
> Before we can allow arbitrary users to submit their builds to a central
> server, we would need to ensure that a build that occurs on one user's
> system is *identical* to the build on any other user's computer. This
> cannot currently be assured because MacPorts does not build in a chroot,
> and without this, it is possible for a port to link with libraries that
> happen to be on the user's system that it ought not link with -- be they
> libraries from other ports on which the port in question does not
> declare a dependency, or libraries in /usr/local, to which the compiler
> always looks.
> 
> Therefore, a build farm that we control is a better option. Which, as
> explained in other threads, cannot happen until the software to do the
> automated builds in the clean environment is written.

Quite aside from bugs in MP, we have no way of knowing whether downright
malicious changes have been made in user-submitted binaries. TBH, I'm
already a little uncomfortable about the ports tree being mirrored,
since unlike distfiles there is no system in place to verify the
integrity of those files.

Portfiles can at least be verified by inspection, but binaries cannot.
So I don't think we can accept binaries from users no matter how
bug-free base becomes. This doesn't preclude users from sharing their
own collections of binaries, but using them would have to be a matter of
trust between the user and the provider.

- Josh

More information about the macports-users mailing list