Date: Sun, 14 Nov 2021 20:16:50 +0100 From: Rob LA LAU <freebsd@ohreally.nl> To: Kurt Jaeger <pi@freebsd.org>, Guido Falsi <mad@madpilot.net> Cc: freebsd-ports@freebsd.org Subject: Re: Adding functionality to a port Message-ID: <9f00f43c-0fc6-bcda-1f71-fdaddcad3d0c@ohreally.nl> In-Reply-To: <YZFXby/ktthO9Khx@fc.opsec.eu> References: <4ca51765-b556-3f12-5809-5aadbf6dccca@ohreally.nl> <YZEskkPi2%2BcX9hrZ@home.opsec.eu> <480b44f5-0674-e645-8413-a1a368cfc393@ohreally.nl> <YZExLlXP3uEjrvyF@fc.opsec.eu> <fb5e514d-1458-9b49-1882-b64d5386cdfa@madpilot.net> <YZFGCoblQOHPnPWe@fc.opsec.eu> <e07b5a48-3465-c92b-ee4b-f2fc91e0202f@madpilot.net> <YZFXby/ktthO9Khx@fc.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi again, On 14/11/2021 19:37, Kurt Jaeger wrote: > I agree. The problem is that this is very difficult to codify > into some policy. I've done some digging. And actually, Fedora only needs a few words: "All patches should have an upstream bug link or comment" [1] This assures that packages stay close to their upstream projects. Another rule could be "Patches should only be applied to make the software run as intended by its developer. All additional functionality should be integrated upstream first or, if that's not possible or desirable, should be developed as a separate project which can then be ported alongside the first port." Having rules for these situations means that tools can be created to verify and enforce those rules. Not having these rules is an invitation to people with malicious intent to integrate backdoors, keyloggers, and what not into the ports. IMHO. Rob [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_all_patches_should_have_an_upstream_bug_link_or_comment -- https://www.librobert.net/ https://www.ohreally.nl/category/nerd-stuff/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9f00f43c-0fc6-bcda-1f71-fdaddcad3d0c>