This has bothered me in the past several times, but I was just reminded of it, so I figured I'd post about it before I forget again:
According to "man pkg-updating", it "scans the installed ports and shows all UPDATING entries that affect one of the installed ports." That sounds very useful, and in fact I use it frequently, and have for a long time. However, it's not actually true. The command is unreliable, and quite possibly dangerously so.
The problem is that it relies upon the messages in UPDATING being in a particular format (seemingly, the "AFFECTS" line has to have the package name), but there is nothing enforcing that they actually are in that format. So, for example, just a week or two ago, "pkg updating" did not show me that my installed package lang/python311 had an UPDATING entry that affected it. This seems to be because the entry was labeled with "AFFECTS: Python users" (which, to be clear, does not contain the string "lang/python311").
I haven't seen anything (e.g. in "man pkg-updating") about this, nor how to make it reliable. If there is such a way, I'd love to hear about it. If there's not, though, maybe something should be done about it. For example, perhaps instead of just a text file that maintainers can change arbitrarily, a little program to check the format of the text file before the change can actually be successfully submitted to source control. Or, maybe even have maintainers submit their entries to some DB-centric app instead of to a text file.
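The pre-commit format check suggested above could look something like this. It is an added example, not part of the original post and not code from pkg or the ports tree. It assumes each UPDATING entry is a `YYYYMMDD:` header followed by an indented `AFFECTS:` line, and that a port origin looks like `category/portname`; the function names and the sample entries are constructed for illustration.

```python
import re

# Assumed layout: a "YYYYMMDD:" header, then an indented "AFFECTS:" line that
# may wrap onto following lines until "AUTHOR:" or a blank line.
DATE_RE = re.compile(r"^(\d{8}):\s*$")
# Assumed shape of a port origin: category/portname, glob characters allowed.
ORIGIN_RE = re.compile(r"\b[a-z][a-z0-9_-]*/[A-Za-z0-9_.+*?\[\]-]+")

def lint_updating(text):
    """Return (date, affects_text, origins) for every entry in the text."""
    entries, date, affects, in_affects = [], None, [], False
    def flush():
        if date is not None:
            joined = " ".join(affects)
            found = [o.rstrip(".") for o in ORIGIN_RE.findall(joined)]
            entries.append((date, joined, found))
    for line in text.splitlines():
        stripped = line.strip()
        header = DATE_RE.match(line)
        if header:
            flush()
            date, affects, in_affects = header.group(1), [], False
        elif stripped.startswith("AFFECTS:"):
            affects.append(stripped[len("AFFECTS:"):].strip())
            in_affects = True
        elif in_affects and stripped and not stripped.startswith("AUTHOR:"):
            affects.append(stripped)  # wrapped continuation of AFFECTS
        else:
            in_affects = False
    flush()
    return entries

def missing_origin(text):
    """Dates of entries whose AFFECTS text names no port origin at all."""
    return [d for d, _, origins in lint_updating(text) if not origins]

# Constructed sample; the first AFFECTS wording is the one quoted in the post.
SAMPLE = """\
20240101:
  AFFECTS: Python users
  AUTHOR: someone@example.org

20240102:
  AFFECTS: users of lang/python311
  AUTHOR: someone@example.org
"""

if __name__ == "__main__":
    print("AFFECTS names no category/port origin:", missing_origin(SAMPLE))
```

Run as a commit hook, a non-empty result from `missing_origin` would reject the change until the entry names at least one origin.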