From owner-cvs-all  Sat Oct 12 22:24:53 2002
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8699737B401; Sat, 12 Oct 2002 22:24:51 -0700 (PDT)
Received: from thuvia.demon.co.uk (thuvia.demon.co.uk [193.237.34.248])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4A37643EA3; Sat, 12 Oct 2002 22:24:48 -0700 (PDT)
	(envelope-from mark@thuvia.demon.co.uk)
Received: from dotar.thuvia.org (dotar.thuvia.org [10.0.0.4])
	by phaidor.thuvia.org (8.12.3/8.12.3) with ESMTP id g9D5OdcF001378;
	Sun, 13 Oct 2002 06:24:41 +0100 (BST)
	(envelope-from mark@thuvia.demon.co.uk)
Received: from dotar.thuvia.org (localhost [IPv6:::1])
	by dotar.thuvia.org (8.12.6/8.12.6) with ESMTP id g9D5OcP0094122;
	Sun, 13 Oct 2002 06:24:38 +0100 (BST)
	(envelope-from mark@dotar.thuvia.org)
Received: (from mark@localhost)
	by dotar.thuvia.org (8.12.6/8.12.6/Submit) id g9D5Obe1094121;
	Sun, 13 Oct 2002 06:24:37 +0100 (BST)
Date: Sun, 13 Oct 2002 06:24:37 +0100 (BST)
From: Mark Valentine <mark@thuvia.demon.co.uk>
Message-Id: <200210130524.g9D5Obe1094121@dotar.thuvia.org>
In-Reply-To: <20021013051222.GA5739@xor.obsecurity.org>
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: Kris Kennaway <kris@obsecurity.org>
Subject: Re: cvs commit: ports/mail Makefile ports/mail/mh Makefile distinfo pkg-comment pkg-descr pkg-plist ports/mail/mh/files patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao ...
Cc: Kris Kennaway <kris@freebsd.org>, cvs-committers@freebsd.org,
	cvs-all@freebsd.org
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> From: Kris Kennaway <kris@obsecurity.org>
> Date: Sat 12 Oct, 2002
> Subject: Re: cvs commit: ports/mail Makefile ports/mail/mh Makefile distinfo pkg-comment pkg-descr pkg-plist ports/mail/mh/files patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao 

> > Aren't insecure ports still useful in environments where security isn't an
> > issue?
> 
> Perhaps, but I don't think that's a suitable justification for leaving
> it to rot untouched in the ports collection forever.

That's another issue.  How many ports without known security problems
have no maintainer, haven't been touched in ages but continue to build
and be useful?

If something fails to build, mark it broken, sure.  If someone cares
they'll fix it - and there'll still be people who get it building for
themselves using the port as a basis, even if the fix isn't fed back.

Removing even a broken port makes the existing patches less available
as a starting point.

I'd rather see a seperate INSECURE knob and a make.conf knob to say
"don't care, build it anyway, maybe even tell me it's insecure".

		Cheers,

		Mark.

-- 
Mark Valentine, Thuvia Labs <mark@thuvia.co.uk>       <http://www.thuvia.co.uk>
"Tigers will do ANYTHING for a tuna fish sandwich."       Mark Valentine uses
"We're kind of stupid that way."   *munch* *munch*        and endorses FreeBSD
  -- <http://www.calvinandhobbes.com>                  <http://www.freebsd.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message