June 06, 2016 posted by Kamil Rytarowski
The pkgsrc team has prepared the 50th release of their package management system, with the 2016Q1 version. It's infrequent event, as the 100th release will be held after 50 quarters.
The NetBSD team has prepared series of interviews with the authors. The next one is with Benny Siegert, a developer active in the release engineering team.
Hi Benny, please introduce yourself.
I came to pkgsrc to my work on MirBSD. MirBSD only had a handful of
developers, so there was not enough manpower to maintain our own ports
tree -- not that we didn't try! In the end, we decided to support
pkgsrc, and I joined the NetBSD project as a developer, in an
amazingly quick and painless process.
My dayjob is as an SRE at Google; luckily, Google allows me to use my
20% time to work on pkgsrc. Working in this job has changed my
perspective on computing. I try to apply some of the SRE principles
(automate repetitive work, discipline in bug tracking, etc.) to my
work in pkgsrc.
First of all, congratulations on the 50th release of pkgsrc! How do you feel about this anniversary?
Wow, 50 releases already! I find it remarkable how pkgsrc has
continued on a stable growth trajectory all these years. And together,
we have built one of the best and most advanced package collections.
What are the main benefits of the pkgsrc system?
pkgsrc runs on almost any platform that you are likely to use, from
NetBSD, other BSDs, commercial Unixes, Linux and Mac OS. Whatever the
platform, you have the same huge choice of up-to-date packages. You
can install them with a single command. That's pretty compelling.
Where and how do you use pkgsrc?
These days, I mostly use pkgsrc on NetBSD and Mac OS X. On the Mac,
pkgsrc may not be the most popular package collection but it still
works amazingly well. (By the way, I applaud the team behind
saveosx.org for making an effort to make pkgsrc more widely known
among Mac users.)
What are the pkgsrc projects you are currently working on?
By accident, I ended up being the maintainer of the pkgsrc stable
branch :) I am the one who handles most of the security updates to the
As a fan of the Go programming language (and a contributor to the
project), I work on making software written in Go easy to use in
pkgsrc. There is infrastructure (go-package.mk) for packaging Go
If you analyze the current state of pkgsrc, which improvements and changes do you wish for the future?
I would love to have more modern tooling. Gnats for bugs and CVS for
the repository are both outdated. But this is an ongoing discussion.
I would also like to have a more rigorous handling of security fixes.
The vulnerability DB is great and kept very well; on the other hand
actually fixing the vulnerabilities is sometimes neglected,
particularly for packages that not many people use.
Do you have any practical tips to share with the pkgsrc users?
- If you are on a machine where you do not have root access (such as a
shared Linux machine), you can bootstrap pkgsrc in unprivileged mode.
This way, everything builds and installs without needing to use root
- Read up on "pkg_admin audit" and use it regularly, to find when you
have packages with security problems installed.
What's the best way to start contributing to pkgsrc and what needs to be done?
pkgsrc-wip has a really low barrier to entry. Try to make your own
package for something simple and put it in wip.
Look in pkgsrc/doc/TODO, it contains some suggestions for things you
may want to work on. There is also a long list of suggested package
updates in there, you can send a PR with patch for these.
Finally, if you run "pkg_admin audit", as I suggested above, and
discover that pkgsrc does not contain a fix for a given vulnerability,
you can try to find a patch and submit it via PR. I would be more than
happy to apply it :)
Do you plan to participate in the upcoming pkgsrcCon 2016 in Kraków
pkgsrcCon is a fantastic conference. I am not 100% sure yet if I can
make it but I will try to.