From owner-freebsd-ports@FreeBSD.ORG Thu Sep 8 12:19:25 2011 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C30B0106564A for ; Thu, 8 Sep 2011 12:19:25 +0000 (UTC) (envelope-from mattblists@icritical.com) Received: from mail1.icritical.com (mail1.icritical.com [93.95.13.41]) by mx1.freebsd.org (Postfix) with SMTP id 183688FC08 for ; Thu, 8 Sep 2011 12:19:24 +0000 (UTC) Received: (qmail 24843 invoked from network); 8 Sep 2011 11:52:42 -0000 Received: from localhost (127.0.0.1) by mail1.icritical.com with SMTP; 8 Sep 2011 11:52:42 -0000 Received: (qmail 24834 invoked by uid 599); 8 Sep 2011 11:52:42 -0000 Received: from unknown (HELO icritical.com) (212.57.254.146) by mail1.icritical.com (qpsmtpd/0.28) with ESMTP; Thu, 08 Sep 2011 12:52:42 +0100 Message-ID: <4E68AC85.4060705@icritical.com> Date: Thu, 08 Sep 2011 12:52:37 +0100 From: Matt Burke User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.2.15) Gecko/20110403 Thunderbird/3.1.9 MIME-Version: 1.0 To: freebsd-ports@freebsd.org References: <4E651DCF.30605@FreeBSD.org> <201109052146.p85Lkous037023@fire.js.berklix.net> <4E67935C.6080702@aldan.algebra.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 08 Sep 2011 11:52:37.0906 (UTC) FILETIME=[CE2CEF20:01CC6E1D] X-Virus-Scanned: by iCritical at mail1.icritical.com Subject: Re: sysutils/cfs X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Sep 2011 12:19:25 -0000 On 09/07/11 17:04, Chris Rees wrote: >> The /new/ policy of removing ports for much lighter offenses, such as > having vulnerabilities, has already caused so many objections, that it is > time to abolish it. > > I consider the argument here dead; portmgr is reviewing the policy as Erwin > has said. > > However... I find it deeply troubling that you consider buildability more > important than security fixes. Are you actually serious? Changing to a hypothetical example, why would an Apache vulnerability in mod_rewrite in the least bit bother a person who doesn't have the module enabled, which I believe is the standard configuration? Would you prefer Apache be deleted from ports if it took longer than expected to fix it? I've still got non-networked FreeBSD 4.x laptops running with a version of Minicom that for a year or so was FORBIDDEN because it had a local root vulnerability. What's so wrong about that? I'm glad the port wasn't deleted because I still install and use Minicom today. What the current FreeBSD policy of actively deleting perfectly usable ports instead of putting a mild hurdle in the way is saying, is that FreeBSD will stop me doing what I may want to do because FreeBSD knows best. I want machines, tools, to do as *I* say not the other way round, whether it's good for me or not. If I wanted nannying and interference, I'd install Ubuntu.