Date: Sun, 17 Mar 2024 22:43:55 -0600
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Eugene Grosbein <eugen@grosbein.net>
Cc: Daniel Engberg <daniel.engberg.lists@pyret.net>, Florian Smeets <flo@FreeBSD.org>, ports@freebsd.org
Subject: Re: Proposed ports deprecation and removal policy
Message-ID: <20240318044355.C744614C@slippy.cwsent.com>
In-Reply-To: <46bc57fc-90af-004e-b722-114869097408@grosbein.net>
References: <435edf7c-a956-4317-b327-3372de70dbef@FreeBSD.org>
 <1c5b7818-842f-f7b8-9d4e-5bf681cad20e@grosbein.net>
 <c5e3e5d2d058d90777828b88a0f1506e@mail.infomaniak.com>
 <64c7435c-2d69-1f62-ba7c-30812860a457@grosbein.net>
 <9646fd5d0666c8e57795ea1b370b6af1@mail.infomaniak.com>
 <b10cc27c-d2f9-5c81-115b-2f577ff6f825@grosbein.net>
 <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com>
 <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net>
 <49c4e69ffb5cec7b71d4b8e01f628ae7@mail.infomaniak.com>
 <46bc57fc-90af-004e-b722-114869097408@grosbein.net>

In message <46bc57fc-90af-004e-b722-114869097408@grosbein.net>, Eugene Grosbein writes:
> 16.03.2024 17:03, Daniel Engberg wrote:
>
> > A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc.
>
> It does not stop browsers from being vulnerable all the time. All times. So,
> no difference in practical point of view.
> In theory, there is difference. Not in practice.
>
> Eugen

You know, if they'd only stop adding features (which also counts for
actively maintained) and focus on fixing security bugs, would browsers only
start to gain some resilience to being hacked.

Actively maintained comes in two flavors:

1. Bug fixes.
2. New features.

Security fixes by and large fall in the bug fixes category. New features
will many times introduce new vulnerabilities.

One could argue that software that continues to introduce new features may
have a tendency to be less secure. Maybe we should take the middle ground
and only support software that is not too aggressively maintained either.
This of course sounds absurd.

Software that is still maintained by an upstream but has not witnessed a
new release may in fact be mature. And if mature software is not updated
with security fixes (because it may just happen to not have any known
vulnerabilities) nor be updated with new features (because there is no need
for new features), is just as absurd.

There's more to actively maintained than security fixes. Most of the time
it's new features, or put it another way, new shiny objects to interest us.

The forest is made of many trees. Not just one.

--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org

e^(i*pi)+1=0