Date:      Sat, 16 Mar 2024 11:28:52 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        void <void@f-m.fm>
Cc:        ports@freebsd.org
Subject:   Re: Proposed ports deprecation and removal policy
Message-ID:  <883C5440-68BE-4ECC-9CB6-E30253E931C9@freebsd.org>
In-Reply-To: <496936f9-b925-4dd4-9e86-6220088fb964@app.fastmail.com>
References:  <496936f9-b925-4dd4-9e86-6220088fb964@app.fastmail.com>



> On 16. Mar 2024, at 10:45, void <void@f-m.fm> wrote:
>
> On Sat, 16 Mar 2024, at 08:28, Miroslav Lachman wrote:
>
>> For vulnerabilities, there is VuXML and pkg audit, not removing
>> vulnerable port from the tree.
>
> I'm talking about *moving* them to a *different* tree, with different
> priorities, so preserving choice while implicitly informing of risks,
> and decreasing the maintenance burden to those running port infra.
> I'd imagine some threshold would need to be decided on.
>
>> If you are asking to remove ports without maintainer, you are asking to
>> remove 3458 ports right now, and many others depends on these
>> unmaintained ports, so the impact will be much bigger.
>> Some unmaintained ports are almost vital - for example without
>> virtual_oss you cannot use Bluetooth headphones / speakers connected to
>> FreeBSD.
>
> I'm not asking to remove anything, just move to a different tree.

Yeah, it’s like after a failed investment your money is not really gone, it’s just somewhere else.

> People could
> follow one or the other depending on their (for example) security posture.
> They'd be able to easily make an informed choice.
> --

Seriously, the “other” tree would rot in no time, this is not practical (it’s also interesting how the discussion moved from ‘ports unmaintained upstream’ to ‘ports without a maintainer’). If the goal is to have a pure system nobody uses, please go ahead.

I (still) think an approach where `pkg audit` warns about unmaintained ports (and ports without an upstream maintainer), maybe even having config options that prevent the installation of such ports - which could be on by default - would be a way to allow people to make informed decisions without removing these ports from the tree.

-m





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?883C5440-68BE-4ECC-9CB6-E30253E931C9>