Date: Sun, 4 Sep 2011 21:36:55 +0100 From: Chris Rees <utisoft@gmail.com> To: "Julian H. Stacey" <jhs@berklix.com> Cc: ports@freebsd.org, yar@freebsd.org Subject: Re: sysutils/cfs Message-ID: <CADLo83_=3KtO4yJfqVXXfL%2Bqwvne5m0KAA8GVw8=esV%2BBacP=w@mail.gmail.com> In-Reply-To: <201109042032.p84KWUIF073409@fire.js.berklix.net> References: <CADLo83_A%2BOh%2Bi4ZFQ=KnZyvBk0h2pf%2BbJnjhYHm=5UyacjE3cA@mail.gmail.com> <201109042032.p84KWUIF073409@fire.js.berklix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4 September 2011 21:32, Julian H. Stacey <jhs@berklix.com> wrote: >> >> Whoops, also missed a CVE -- buffer overflows can cause a DoS. >> Expiration date altered to 1 month accordingly. > > It is not responsible to threaten to remove ports without warning > between releases for non urgent reasons. > > Better to deprecate such non urgent ports, & wait a while after next > release is rolled, to give release users a warning & some time > to volunteer (or if a firm using releases, perhaps time to allocate > a staff member if a port is important to them). Yeah... perhaps if there isn't a vulnerability. At the moment it's marked FORBIDDEN, so it's useless -- anyone who is serious about fixing it at whatever time is welcome to check it out of the Attic -- a slight inconvenience for which we apologise. In the mean time, <record class=3D"broken">the ports tree is not a museum for ancient insecure bug-ridden software</record>. Chris --=20 Chris Rees =A0 =A0 =A0 =A0 =A0| FreeBSD Developer crees@FreeBSD.org =A0 | http://people.freebsd.org/~crees
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo83_=3KtO4yJfqVXXfL%2Bqwvne5m0KAA8GVw8=esV%2BBacP=w>