Date:      Mon, 29 Aug 2011 22:48:31 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        "freebsd-ports@FreeBSD.org" <freebsd-ports@FreeBSD.org>,  secteam@FreeBSD.org
Subject:   Why do we not mark vulnerable ports DEPRECATED?
Message-ID:  <4E5C79AF.6000408@FreeBSD.org>

I'm doing some updates and came across mail/postfix-policyd-spf which
relies on mail/libspf2-10. The latter had a vuxml entry added on
2008-10-27. So my question is, why has mail/libspf2-10 been allowed to
remain in the tree vulnerable for almost 3 years?

Wouldn't it make more sense to mark vulnerable ports DEPRECATED
immediately with a short expiration? When they get fixed they get
un-deprecated. If they don't, they get removed. Can someone explain why
this would be a bad idea?


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/



