From nobody Mon Mar 18 04:43:55 2024 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Tyj1C1LJnz5FZVF for ; Mon, 18 Mar 2024 04:43:59 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Tyj1B4fX6z4FNt; Mon, 18 Mar 2024 04:43:58 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF policy when checking 3.97.99.33) smtp.mailfrom=cy.schubert@cschubert.com Received: from shw-obgw-4004a.ext.cloudfilter.net ([10.228.9.227]) by cmsmtp with ESMTPS id m46XrMDxvdrxEm4qsr7Lqb; Mon, 18 Mar 2024 04:43:58 +0000 Received: from spqr.komquats.com ([70.66.152.170]) by cmsmtp with ESMTPSA id m4qqri45KWhyfm4qrrZTRQ; Mon, 18 Mar 2024 04:43:57 +0000 X-Authority-Analysis: v=2.4 cv=MenPuI/f c=1 sm=1 tr=0 ts=65f7c68e a=y8EK/9tc/U6QY+pUhnbtgQ==:117 a=y8EK/9tc/U6QY+pUhnbtgQ==:17 a=kj9zAlcOel0A:10 a=K6JAEmCyrfEA:10 a=H0GPC0OhAAAA:8 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=F5B6zy7K8LbkpfthBm0A:9 a=CjuIK1q_8ugA:10 a=KczGKrPSgCPlefTG41c3:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22 a=LK5xJRSDVpKd5WXXoEvA:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 0F2BB29A5; Sun, 17 Mar 2024 21:43:56 -0700 (PDT) Received: by slippy.cwsent.com (Postfix, from userid 1000) id C744614C; Sun, 17 Mar 2024 21:43:55 -0700 (PDT) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Eugene Grosbein cc: Daniel Engberg , Florian Smeets , ports@freebsd.org Subject: Re: Proposed ports deprecation and removal policy In-reply-to: <46bc57fc-90af-004e-b722-114869097408@grosbein.net> References: <435edf7c-a956-4317-b327-3372de70dbef@FreeBSD.org> <1c5b7818-842f-f7b8-9d4e-5bf681cad20e@grosbein.net> <64c7435c-2d69-1f62-ba7c-30812860a457@grosbein.net> <9646fd5d0666c8e57795ea1b370b6af1@mail.infomaniak.com> <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com> <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net> <49c4e69ffb5cec7b71d4b8e01f628ae7@mail.infomaniak.com> <46bc57fc-90af-004e-b722-114869097408@grosbein.net> Comments: In-reply-to Eugene Grosbein message dated "Sat, 16 Mar 2024 20:16:21 +0700." List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 17 Mar 2024 22:43:55 -0600 Message-Id: <20240318044355.C744614C@slippy.cwsent.com> X-CMAE-Envelope: MS4xfBABl9Bpn63HzqJVDxtQc9tClr3GiP1nA4wZqjFaq2RaVIw0CfytMPnDMLGXK1FhXc52dYLfYgV4vWJuTB7CFQu2Nz9++3pGs4QXoRdHtYREL3jk2IrQ Uo6I3nR50DY2zKTmpmcKT3pNEHcCHDhQCZaoKNdBhRtywOOdEjKarWT1dtromY/yk+icpkqnrCv+5fJvLWZPftRC4ssjZnNKXkaDqfzetmksjiV98QXCVbDd Ve3Yze559kuxUPqrW8IRezEz06RDmpFPRXW47qkfdvV2lWIkGLHwz25CtUW6BOCf X-Spamd-Bar: - X-Spamd-Result: default: False [-1.65 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; AUTH_NA(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.95)[-0.953]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[3.97.99.33:from]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US]; MIME_TRACE(0.00)[0:+]; R_SPF_NA(0.00)[no SPF record]; R_DKIM_NA(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; RCPT_COUNT_THREE(0.00)[4]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_NA(0.00)[cschubert.com]; RCVD_TLS_LAST(0.00)[]; MLMMJ_DEST(0.00)[ports@freebsd.org]; REPLYTO_EQ_FROM(0.00)[] X-Rspamd-Queue-Id: 4Tyj1B4fX6z4FNt In message <46bc57fc-90af-004e-b722-114869097408@grosbein.net>, Eugene Grosbein writes: > 16.03.2024 17:03, Daniel Engberg wrote: > > > A key difference is though that browsers such as Firefox or Chromium are ma > intained upstream including reporting etc. > > It does not stop browsers from being vulnerable all the time. All times. So, > no difference in practical point of view. > In theory, there is difference. Not in practice. > > Eugen You know, if they'd only stop adding features (which also counts for actively maintained) and focus on fixing security bugs, would browsers only start to gain some resilience to being hacked. Actively maintained comes in two flavors: 1. Bug fixes. 2. New features. Security fixes by and large fall in the bug fixes category. New features will many times introduce new vulnerabilities. One could argue that software that continues to introduce new features may have a tendency to be less secure. Maybe we should take the middle ground and only support software that is not to aggressively maintained either. This of course sounds absurd. Software that is still maintained by an upstream but has not witnessed a new release may in fact be mature. And if mature software is not updated with security fixes (because it may just happen to to not have any known vulnerabilities) nor be updated with new features (because there is no need for new features), is just as absurd. There's more to actively maintained than security fixes. Most of the time it's new features, or put it another way new shiny objects to interest us. The forest is made of many trees. Not just one. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0