Date:      Sat, 16 Mar 2024 11:03:44 +0100
From:      Daniel Engberg <daniel.engberg.lists@pyret.net>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        Florian Smeets <flo@FreeBSD.org>, ports@freebsd.org
Subject:   Re: Proposed ports deprecation and removal policy
Message-ID:  <49c4e69ffb5cec7b71d4b8e01f628ae7@mail.infomaniak.com>
In-Reply-To: <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net>
References:  <435edf7c-a956-4317-b327-3372de70dbef@FreeBSD.org> <1c5b7818-842f-f7b8-9d4e-5bf681cad20e@grosbein.net> <c5e3e5d2d058d90777828b88a0f1506e@mail.infomaniak.com> <64c7435c-2d69-1f62-ba7c-30812860a457@grosbein.net> <9646fd5d0666c8e57795ea1b370b6af1@mail.infomaniak.com> <b10cc27c-d2f9-5c81-115b-2f577ff6f825@grosbein.net> <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com> <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net>

On 2024-03-15T08:25:10.000+01:00, Eugene Grosbein <eugen@grosbein.net> wrote:
>  15.03.2024 3:37, Daniel Engberg wrote:
>
> >    On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eugen@grosbein.net> wrote:
> >
> > >     12.03.2024 3:24, Daniel Engberg wrote:
> > >
> > >  [skip]
> > >
> > > >       Another possible option would be to add something to the port's metadata that makes pkg aware and easily noticeable
> > > >   like using a specific color for portname and related information to signal
> > > >   like if it's red it means abandonware and potentially reduced security.
> > >
> > >  Of course, we need to inform users but not enforce. Tools, not policy.
> > >
> >   Eugene
> >
> >  Hi,
> >
> >  Given that we seem to agree on these points in general why should such ports still be kept in the tree?
>
> A port should be kept in the tree until it works and has no known security problems, not imaginable.
>
> >    We don't have such tooling available and it won't likely happen anytime soon.
> >  Because it's convenient for a committer who uses these in a controlled network despite being potentially harmful for others?
>
> "Potentially harmful" is not a valid reason to remove a port. Look at the vulnerability history of any modern web browser.
> We know they are full of security holes. All of them. And will be despite being supported by developers, it does not matter in fact.
> Old software is often much more simple and secure despite the lack of support.
>
> Do not remove ports just due to theorizing.
>
Eugene

A key difference is though that browsers such as Firefox or Chromium are maintained upstream including reporting etc. That's a very different matter compared to using even a deprecated version upstream of let's say Apache (1.3.x for example). I agree it's a difficult topic and I think for the sake of user experience/friendliness (if we are to take that into account) apart from the rest of potential issues most will not scour the internet to determine this.

Best regards,
Daniel


