Date: Wed, 27 Apr 2011 14:37:48 -0700 From: Charlie Kester <corky1951@comcast.net> To: freebsd-ports@freebsd.org Subject: Re: saving a few ports from death Message-ID: <20110427213748.GK38579@comcast.net> In-Reply-To: <BANLkTin4XSY3CBi%2BXnDjb-Nzu-mJk=yU5w@mail.gmail.com> References: <20110426163424.GB38579@comcast.net> <20110426141209.0d07bccf@seibercom.net> <20110426184315.GA2320@libertas.local.camdensoftware.com> <19895.13977.553973.609431@jerusalem.litteratus.org> <4DB83D6E.9000800@aldan.algebra.com> <BANLkTik_65bxMgiQMyy1aojDuDjb6BX%2BgQ@mail.gmail.com> <4DB876AE.9050906@aldan.algebra.com> <20110427204723.GA74591@atarininja.org> <4DB882C8.8090604@aldan.algebra.com> <BANLkTin4XSY3CBi%2BXnDjb-Nzu-mJk=yU5w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed 27 Apr 2011 at 14:05:57 PDT Eitan Adler wrote: >>> apache13 is EOL upstream. We should not have ports for EOL software. >> >> Why not, exactly?.. > >What happens if a security hole or a bug is found? Are we the ones to >fix it? No. The rule of caveat emptor should apply. We don't warranty anything else in the portstree, why would you think that there's an implied warranty in this scenario? >If yes are we to host the patches? The question is moot, given a negative answer to the preceding one. >Where should the bug reports go to - our bug tracker? If they do get submitted there, they should be immediately closed as "Won't Fix". >What if our implementation ceases to match established documentation? >Should we host the docs too? Same answers as above. > >The ports collection is one of *third party* software (with a couple >of small exceptions). If the third party says "this program is done, >has bugs which won't be fixed, etc" we should no longer support it. Keeping it in the tree != obligation to provide support, i.e., bugfixes for anything except the port Makefile and other port-related files. As long as there's a maintainer willing to do the work to keep it running (warts and all) on the currently-supported FreeBSD releases, I don't see any reason why it can't be kept in the tree. >>> >>> If upstream says it's dead, who are we to keep it alive? >> >> We are a major Operating System project, which maintains ports of >> third-party applications for the convenience of our users. An >> EOL-declaration by the authors does not mean, the users must stop using it >> immediately -- it simply says, the authors will not be releasing >> updates/bug-fixes. > >Correct. However (a) if the third party gave an upgrade path we should >encourage our users to use it and (b) if there *are* known bugs and >especially security holes we should cease to make it available through >our tree. Agree with (a) but maybe not (b). That's a decision that should be left to the users. > > If a user says "I found an issue with X and it is EOL upstream" the >correct response is to "upgrade to a supported version". See above. >However this discussion is different to the one that we started with >(namely that of deprecated ports) so lets try and get back on track :-) Actually, it's a closely related question.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110427213748.GK38579>