Date: Sat, 13 Oct 2018 12:38:04 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Mathieu Arnold <mat@FreeBSD.org> Cc: Cy Schubert <Cy.Schubert@cschubert.com>, Cy Schubert <cy@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r481982 - head/net/vtun Message-ID: <201810131938.w9DJc4uI079952@slippy.cwsent.com> In-Reply-To: Message from Mathieu Arnold <mat@FreeBSD.org> of "Sat, 13 Oct 2018 17:21:10 %2B0200." <20181013152110.u4bntvvq6nzwsdt7@atuin.in.mat.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20181013152110.u4bntvvq6nzwsdt7@atuin.in.mat.cc>, Mathieu Arnold wr ites: > On Sat, Oct 13, 2018 at 07:03:11AM -0700, Cy Schubert wrote: > > In message <20181013135352.gyms2no5k72tfc5g@atuin.in.mat.cc>, Mathieu=20 > > Arnold wr > > ites: > > >=20 > > > > > > --xnck4ywzpnv2sc5x > > > Content-Type: text/plain; charset=3Dus-ascii > > > Content-Disposition: inline > > > Content-Transfer-Encoding: quoted-printable > > > > > > On Sat, Oct 13, 2018 at 01:33:58PM +0000, Cy Schubert wrote: > > > > Author: cy > > > > Date: Sat Oct 13 13:33:58 2018 > > > > New Revision: 481982 > > > > URL: https://svnweb.freebsd.org/changeset/ports/481982 > > > >=3D20 > > > > Log: > > > > Deprecate and expire net/vtun. It is no longer maintained by our > > > > upline. Bishop Clark, our upline, in response to my question if he > > > > had any plans to support OpenSSL 1.1.X, his reply was that about > > > > six months ago he asked to hand the project off to anyone who > > > > wanted it. There were no takers. > > > > =3D20 > > > > The VTUN project is dead. It's time to cut it loose. > > > > > > It no longer builds on HEAD, it still builds fine on 10 and 11, and > > > according to https://www.freebsd.org/security/, 11's branch line is > > > supported until 2021, so it will continue to function until that time. > >=20 > > Yes but VTUN development has stopped. Bishop Clark (former workmate of=20 > > mine) has no interest in continuing support of VTUN and nobody else=20 > > wants to work on it. The VTUN project is dead. Any future security=20 > > advisories will not be addressed. > > Mmmm, ok, then if a security problem arise, remove it, but right now it > works just fine. Fair enough, however our customer base will need to understand that support is on a best effort basis. We should be able to handle simple adjustments but anything serious, that would normally be pushed upline, would result in it being flagged BROKEN or IGNORE. I don't think we want to get into a situation whereby there is a serious security hole or a PR that requires upline support or failing that it requires serious hacking of the port to resolve a non-trivial PR. When is OpenSSL 1.0.2 EOL? Should we put a deprecate notice in security/openssl for the date openssl.org deorbits it? I can expire it in 2021 when 11 goes EOL or when openssl.org deorbits OpenSSL 1.0.2, whichever is later. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810131938.w9DJc4uI079952>