Date: Wed, 27 Apr 2011 17:05:57 -0400 From: Eitan Adler <lists@eitanadler.com> To: "Mikhail T." <mi+thun@aldan.algebra.com> Cc: Wesley Shields <wxs@freebsd.org>, Robert Huff <roberthuff@rcn.com>, Chip Camden <sterling@camdensoftware.com>, freebsd-ports@freebsd.org Subject: Re: saving a few ports from death Message-ID: <BANLkTin4XSY3CBi%2BXnDjb-Nzu-mJk=yU5w@mail.gmail.com> In-Reply-To: <4DB882C8.8090604@aldan.algebra.com> References: <4DB6165F.1010806@FreeBSD.org> <20110426024122.GA38579@comcast.net> <A9C17565-97D8-43F1-9CF7-8CFC79EFEA7B@FreeBSD.org> <20110426163424.GB38579@comcast.net> <20110426141209.0d07bccf@seibercom.net> <20110426184315.GA2320@libertas.local.camdensoftware.com> <19895.13977.553973.609431@jerusalem.litteratus.org> <4DB83D6E.9000800@aldan.algebra.com> <BANLkTik_65bxMgiQMyy1aojDuDjb6BX%2BgQ@mail.gmail.com> <4DB876AE.9050906@aldan.algebra.com> <20110427204723.GA74591@atarininja.org> <4DB882C8.8090604@aldan.algebra.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> apache13 is EOL upstream. We should not have ports for EOL software. > > Why not, exactly?.. What happens if a security hole or a bug is found? Are we the ones to fix it? If yes are we to host the patches? Where should the bug reports go to - our bug tracker? What if our implementation ceases to match established documentation? Should we host the docs too? The ports collection is one of *third party* software (with a couple of small exceptions). If the third party says "this program is done, has bugs which won't be fixed, etc" we should no longer support it. >> >> If upstream says it's dead, who are we to keep it alive? > > We are a major Operating System project, which maintains ports of > third-party applications for the convenience of our users. An > EOL-declaration by the authors does not mean, the users must stop using it > immediately -- it simply says, the authors will not be releasing > updates/bug-fixes. Correct. However (a) if the third party gave an upgrade path we should encourage our users to use it and (b) if there *are* known bugs and especially security holes we should cease to make it available through our tree. If a user says "I found an issue with X and it is EOL upstream" the correct response is to "upgrade to a supported version". However this discussion is different to the one that we started with (namely that of deprecated ports) so lets try and get back on track :-) -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTin4XSY3CBi%2BXnDjb-Nzu-mJk=yU5w>