Date: Wed, 9 Nov 2011 23:24:35 +0100
From: Baptiste Daroussin
To: Stanislav Sedov
Cc: ports@FreeBSD.org
Subject: Re: Recent ports removal
Message-ID: <20111109222435.GD92221@azathoth.lan>
In-Reply-To: <20111109124325.17efc0d1.stas@deglitch.com>
List-Id: Porting software to FreeBSD

On Wed, Nov 09, 2011 at 12:43:25PM -0800, Stanislav Sedov wrote:
> Hi!
>
> I noticed the following in the commit log:
> %
> % Modified files:
> %   .                      MOVED
> %   devel                  Makefile
> %   graphics               Makefile
> % Removed files:
> %   devel/soup             Makefile distinfo pkg-descr pkg-plist
> %   devel/soup/files       patch-Makefile.in patch-configure
> %                          patch-docs::reference::Makefile.in
> %                          patch-soup-0.7.11-gcc41
> %                          patch-src_libsoup_soup-message.c
> %                          patch-src_libwsdl_wsdl-soap-memory.c
> %                          patch-src_libwsdl_wsdl-soap-parse.c
> %                          patch-src_libwsdl_wsdl-typecodes.c
> %   graphics/clutter-qt    Makefile distinfo pkg-descr pkg-plist
> %   graphics/librsvg       Makefile distinfo pkg-descr pkg-plist
> %   graphics/librsvg/files patch-Makefile.in patch-configure
> %                          patch-librsvg-config.in patch-rsvg-ft.c
> %                          patch-test-ft-gtk.c patch-test-ft.c
> %   graphics/p5-clutter    Makefile distinfo pkg-descr pkg-plist
> % Log:
> % 2011-11-06 devel/soup: Unmaintain, use devel/libsoup
> % 2011-11-06 graphics/clutter-qt: upstream distfile and doesn't build, and %doesn't seem to be developed anymore
> % 2011-11-06 graphics/p5-clutter: upstream distfile disappeared, and doesn't seem to be developed anymore
> % 2011-11-06 graphics/librsvg: unmaintained and not used anymore
>
> I just cannot get the commit message. librsvg -- not used by whom? Personally,
> I used it in one of my older projects (~ 10 years old) which I don't plan
> to rework to use rsvg2/gtk2 because it doesn't make sense for it. So how
> do I use my project now on FreeBSD?
>
> It's also a lie that it's not maintained, it's maintained by ports@ mailing
> list and the community. So please, restore it.
>
> The same also probably goes for other ports, but I don't have enough details
> to comment.
>
> Thanks!
>

They have been deprecated for a while and no one said anything about those, that
is the purpose of the DEPRECATED status. The "not used anymore" means not used
in the ports tree (i.e. no more depended on).
If someone really needs it, he can:
1- install it by hand
2- maintain the port
3- just come up when someone deprecates it, saying please undeprecate, I really
need it.
4- there should be a lot more options.

It has been deprecated and removed just because upstream doesn't maintain it, no
one looks at the "maybe" security problem if any etc.

Of course it could have been a mistake to remove this one in particular, in that
case sorry about that.

Concerning the fact that it is "maintained" by ports@, if it would really be the
case, why is it still in the tree while it depends on libxml1, for which in about
5s I find a security issue:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1944
which hasn't been reported and hasn't been fixed at all, which means librsvg1
is also vulnerable.

The problem is that those ports abandoned upstream are not really maintained
anymore, and can lead to a real security problem.

Note that I don't know yet how the libxml1 vulnerability can have an impact on
librsvg, this is just a 5s example.

regards,
Bapt