From owner-freebsd-ports@FreeBSD.ORG Tue Sep 19 22:23:02 2006 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFB3416A407 for ; Tue, 19 Sep 2006 22:23:02 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7BE8643D45 for ; Tue, 19 Sep 2006 22:23:02 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 5FC981A4D88; Tue, 19 Sep 2006 15:23:02 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id A6193515F7; Tue, 19 Sep 2006 18:23:00 -0400 (EDT) Date: Tue, 19 Sep 2006 18:23:00 -0400 From: Kris Kennaway To: Fred Cox Message-ID: <20060919222300.GA50048@xor.obsecurity.org> References: <20060919220905.GA49727@xor.obsecurity.org> <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr" Content-Disposition: inline In-Reply-To: <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com> User-Agent: Mutt/1.4.2.2i Cc: freebsd-ports@freebsd.org, Kris Kennaway Subject: Re: www/dotproject out of date and vulnerable X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Sep 2006 22:23:02 -0000 --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 19, 2006 at 03:18:01PM -0700, Fred Cox wrote: > It's current state is that it will install a > vulnerable version with either the installed php and > mysql client or php5 and mysql5. In the latter case, > there are many bugs in the installed port. >=20 > If I submit what I have now, it will install the > updated version with PHP4. The user will still have > to track down the mysql problem until I can do the > right thing, but there will be a period of time while > I learn about making a port from scratch. >=20 > I'm trying to get a read on whether imperfect > improvement is worth checking in, or whether the > typical thing is to wait for perfection, even if that > might take a while. "Will fail to package" is pretty far from perfection in my book :) Mark the port FORBIDDEN if you have to, but a port that will not build with default settings should not be committed. Kris --liOOAslEiF7prFVr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFEG3EWry0BWjoQKURAvfcAJ0eu5Zi5F/4PjZqBikULJerrdyRZgCgsoy6 ftMjIGxlYGHZ7jedqUuEvvg= =adxF -----END PGP SIGNATURE----- --liOOAslEiF7prFVr--