From nobody Sat Nov 20 01:07:28 2021
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A1633189DD51
	for <ports@mlmmj.nyi.freebsd.org>; Sat, 20 Nov 2021 01:07:39 +0000 (UTC)
	(envelope-from sobomax@sippysoft.com)
Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HwwPR3qr5z3vM1
	for <ports@freebsd.org>; Sat, 20 Nov 2021 01:07:39 +0000 (UTC)
	(envelope-from sobomax@sippysoft.com)
Received: by mail-ed1-f51.google.com with SMTP id w1so49646673edc.6
        for <ports@freebsd.org>; Fri, 19 Nov 2021 17:07:39 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=/ueZnDQRluvRLGRZHNsPHdMlS6f7QdHW1F1VMeLjWtQ=;
        b=eay6QOnTCopn3e/ZmcpZu+JpsphRp48KAXzYkWxe2mLTdcPZr/3q+ekImZCE2bZNYq
         irC40sCXTKKaOk6kbSKCaQdIICmg/XjJeZwNbadVHHiG5zqtS73gjnHVoQ9SdjLlfyhT
         zDRbg+G1ZCmftjiv5f4+d0Es+cJ/mcoUR3p1Zb1I4prbg0gY54oRBwSd97sI6dOu0EDP
         hdAlPl5E/hAHsxZwWzDKzzOfwyN67eBTQnpwBHUQGXxpYrgX0W0/04//YfYgE7HEF+Bm
         sAfx9atItKNG7ZPzp26kh+cFEHliyqnPss/ZNGlevuXAcNyR5XAxFUouwOBFWKj2f28L
         N0VQ==
X-Gm-Message-State: AOAM533/RcRBE/PXjVYz998FUxIMn4Df5+A+VTIf29/WT23UNrVLClS6
	vkdmM5jqGUitJW7KCcjslT5qd/cNKhKlnx0OSYEVcnRdD3U=
X-Google-Smtp-Source: ABdhPJySsO69gju2SbyLMoJwKTRng9WmVxTHxRBRXR7S2WabpYVKuJmRmfeUdZ2UZQLZgLwtzs8nDas5Garvsu/tuMo=
X-Received: by 2002:a05:6402:455:: with SMTP id p21mr31709685edw.384.1637370458419;
 Fri, 19 Nov 2021 17:07:38 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <CAH7qZfvBQ0gKEdOn7nTuzAbMOG9LM2DVGyUs9b9PGwNgJTDCAw@mail.gmail.com>
 <CAH7qZfu32O8G2bDboOu4oXJTnofu_73OkU5aNodB7k+7xh+3UA@mail.gmail.com>
 <YZTWdBIF7MhjLqqC@freefall.freebsd.org> <eb522655-e199-62f2-1a02-b0ae16143421@grosbein.net>
 <09b3a479-5aca-7524-bcee-f03754fefd7c@bluerosetech.com>
In-Reply-To: <09b3a479-5aca-7524-bcee-f03754fefd7c@bluerosetech.com>
From: Maxim Sobolev <sobomax@freebsd.org>
Date: Fri, 19 Nov 2021 17:07:28 -0800
Message-ID: <CAH7qZfsmKvXecKbbNaXho_K1ajVM0S7pLYH3Ju04foLrYc-bfA@mail.gmail.com>
Subject: Re: Bringing back lang/python27 with few modules?
To: Mel Pilgrim <list_freebsd@bluerosetech.com>
Cc: Eugene Grosbein <eugen@grosbein.net>, Rene Ladan <rene@freebsd.org>, ports@freebsd.org, 
	portmgr@freebsd.org, python@freebsd.org
Content-Type: multipart/alternative; boundary="0000000000008a4a5805d12e04da"
X-Rspamd-Queue-Id: 4HwwPR3qr5z3vM1
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Spamd-Result: default: False [-4.00 / 15.00];
	 REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: Y

--0000000000008a4a5805d12e04da
Content-Type: text/plain; charset="UTF-8"

Well with regards to a language port, "vulnerability" has somewhat dubious
applicability. For sure there are many ways to write an insecure C program
allowed by the language itself. Shall we consider all C compilers
inheretedly bad based on just that?

Bottom line is that having well supported python 2 tools and environment
remains quite useful thing to have for a lot of FreeBSD users out there.
And this need is unlikely to go away in the next 2-3 years to come.

-Max

On Fri., Nov. 19, 2021, 2:41 p.m. Mel Pilgrim, <
list_freebsd@bluerosetech.com> wrote:

> On 2021-11-18 0:43, Eugene Grosbein wrote:
> > 17.11.2021 17:16, Rene Ladan wrote:
> >> On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote:
> >>> P.S. AFAIK our documented criteria for removing a port is when one of
> the
> >>> following is true:
> >>>   o Port lacks maintaintership;
> >>>   o Port has issues building on supported releases;
> >>>   o Port clearly has no users/use;
> >>>   o Port has some serious security issues.
> >>>
> >>> The lang/python27 did not belong to either of those bins, IMHO.
> >>
> >> "Unmaintained upstream" is also a criterion, and Python 2.7 fits there.
> >
> > This is bad criterion for open source software and should not be
> considered without other reasons
> > like "unfetchable" or "has known critical vulnerabilities".
>
> It very likely has known critical vulnerabilities.  For example,
> CVE-2021-3177 is a potential RCE bug in Python 3.x.  It was officially
> fixed upstream, and the backported fix is found in Python 2.7 LTS
> contracts.
>
>

--0000000000008a4a5805d12e04da--