Date: Fri, 19 Nov 2021 14:41:10 -0800 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: Eugene Grosbein <eugen@grosbein.net>, Rene Ladan <rene@freebsd.org>, Maxim Sobolev <sobomax@freebsd.org> Cc: ports@freebsd.org, portmgr@freebsd.org, python@freebsd.org Subject: Re: Bringing back lang/python27 with few modules? Message-ID: <09b3a479-5aca-7524-bcee-f03754fefd7c@bluerosetech.com> In-Reply-To: <eb522655-e199-62f2-1a02-b0ae16143421@grosbein.net> References: <CAH7qZfvBQ0gKEdOn7nTuzAbMOG9LM2DVGyUs9b9PGwNgJTDCAw@mail.gmail.com> <CAH7qZfu32O8G2bDboOu4oXJTnofu_73OkU5aNodB7k%2B7xh%2B3UA@mail.gmail.com> <YZTWdBIF7MhjLqqC@freefall.freebsd.org> <eb522655-e199-62f2-1a02-b0ae16143421@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2021-11-18 0:43, Eugene Grosbein wrote: > 17.11.2021 17:16, Rene Ladan wrote: >> On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote: >>> P.S. AFAIK our documented criteria for removing a port is when one of the >>> following is true: >>> o Port lacks maintaintership; >>> o Port has issues building on supported releases; >>> o Port clearly has no users/use; >>> o Port has some serious security issues. >>> >>> The lang/python27 did not belong to either of those bins, IMHO. >> >> "Unmaintained upstream" is also a criterion, and Python 2.7 fits there. > > This is bad criterion for open source software and should not be considered without other reasons > like "unfetchable" or "has known critical vulnerabilities". It very likely has known critical vulnerabilities. For example, CVE-2021-3177 is a potential RCE bug in Python 3.x. It was officially fixed upstream, and the backported fix is found in Python 2.7 LTS contracts.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?09b3a479-5aca-7524-bcee-f03754fefd7c>