From owner-freebsd-ports Sun Jul 23 10:13:40 2000 Delivered-To: freebsd-ports@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.146]) by hub.freebsd.org (Postfix) with ESMTP id 40E7037BC92 for ; Sun, 23 Jul 2000 10:13:37 -0700 (PDT) (envelope-from trevor@jpj.net) Received: from localhost (trevor@localhost) by blues.jpj.net (right/backatcha) with ESMTP id e6NHD6721267; Sun, 23 Jul 2000 13:13:06 -0400 (EDT) Date: Sun, 23 Jul 2000 13:13:06 -0400 (EDT) From: Trevor Johnson To: SADA Kenji Cc: freebsd-ports@FreeBSD.ORG, girgen@partitur.se, obrien@NUXI.com, lioux@uol.com.br Subject: Re: Kill Netscape us ports and version 4.08. (was Re: Netscape browsers us versions avail. abroad) In-Reply-To: <200007231554.AAA89214@home.bsdclub.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Netscape ports users and maintainers, > > I'm planning to use c/n-v474-us.x86-unknown-freebsd.tar.gz > as distfiles of www/netscape47-c/n ports. > In other words, Netscape us ports would be removed. > > Also I'm planning to remove Netscape-4.08 ports and make > www/netscape47-c as MASTERDIR. Anyone needs those ports today ? A couple of months ago (or so) someone proposed removing the old versions. Someone else countered by saying that the newer ones consume more memory than some users can spare. No one mentioned the numerous security bugs in the old versions. Maybe they should at least carry a warning, something like "if you are going to use these on the Internet, not just for viewing files on your hard drive, read http://www.nat.bg/~joro/netscape.html first". > >> (http://www.FreeBSD.org/cgi/query-pr.cgi?pr=20109) for the > >> bsdi-netscape47-communicator.us and bsdi-netscape47-navigator.us ports. > > Have you nominated me to be in charge of that PR ? (so I'm proud of it :) Yes, thanks for noticing it. It needs checksums added to your netscape4-communicator port, and you took care of the last updates I sent in. > >> It looks like Netscape/AOL has decided to only provide 128-bit SSL with > >> the new version. However, people in a few countries--Cuba, Libya, the > >> Sudan, North Korea, Serbia, and probably some I forgot--are asked not to > >> download it. If I were them, I doubt that I'd be keen on using anything > >> from the USA, or that I'd care about consequences for Netscape/AOL. > >> However, if someone gives me something with conditions attached, and I > >> promise to abide by the conditions, I feel better when I don't break my > >> word. I don't mind doing a little work to maintain the 40-bit Netscape > >> ports, for honest users in those places. > > Are you saying that we need www/netscape473-c/n and/or something ? It looks to me like the only reason for the 4.73 version was to try to fix the SSL problem described in http://www.cert.org/advisories/CA-2000-05.html . However, http://www.cert.org/advisories/CA-2000-08.html says there's still a similar problem in 4.73. The "international" versions have crippled SSL anyway, unless Fortify is used. The Fortify people stopped development after Netscape 4.72. In light of all that, I think version 4.72 would be best for the users I mentioned. If you're looking to remove some, but not all, of the "international" Netscape ports, I don't have much to say for my BSDI ones. They're only for i386; they don't run many of the binary-only plugins. They're just meant as a convenience for people who have trouble with the separate a.out libraries. -- Trevor Johnson http://jpj.net/~trevor/gpgkey.txt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message