From: Chad Perrin
To: "freebsd-ports@FreeBSD.org"
Date: Tue, 30 Aug 2011 09:29:20 -0600
Subject: Re: Why do we not mark vulnerable ports DEPRECATED?
Message-ID: <20110830152920.GB69850@guilt.hydra>
In-Reply-To: <4E5C79AF.6000408@FreeBSD.org>

On Mon, Aug 29, 2011 at 10:48:31PM -0700, Doug Barton wrote:
> I'm doing some updates and came across mail/postfix-policyd-spf which
> relies on mail/libspf2-10. The latter had a vuxml entry added on
> 2008-10-27. So my question is, why has mail/libspf2-10 been allowed to
> remain in the tree vulnerable for almost 3 years?
>
> Wouldn't it make more sense to mark vulnerable ports DEPRECATED
> immediately with a short expiration? When they get fixed they get
> un-deprecated. If they don't, they get removed. Can someone explain why
> this would be a bad idea?

Might that not interfere with the process of getting a new maintainer
for a popular port when its previous maintainer has been lax (or hit by
a bus)?

--
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]