From owner-freebsd-ports@FreeBSD.ORG Mon Mar 26 06:30:30 2012 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD4911065670; Mon, 26 Mar 2012 06:30:30 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id BE97E8FC1C; Mon, 26 Mar 2012 06:30:30 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2Q6UUJr027958; Mon, 26 Mar 2012 06:30:30 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2Q6UUXh027942; Mon, 26 Mar 2012 06:30:30 GMT (envelope-from bapt@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f Date: Mon, 26 Mar 2012 08:30:25 +0200 From: Baptiste Daroussin To: Konstantin Belousov Message-ID: <20120326063024.GB7318@azathoth.lan> References: <4F6F14AF.9070501@filez.com> <20120325151816.GZ2358@deviant.kiev.zoral.com.ua> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xXmbgvnjoT4axfJE" Content-Disposition: inline In-Reply-To: <20120325151816.GZ2358@deviant.kiev.zoral.com.ua> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: ports@FreeBSD.org, pgsql@FreeBSD.org, Chris Rees , Radim Kolar Subject: Re: Postgresql 8.2 branch - keep it in tree X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2012 06:30:30 -0000 --xXmbgvnjoT4axfJE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 25, 2012 at 06:18:16PM +0300, Konstantin Belousov wrote: > On Sun, Mar 25, 2012 at 12:54:36PM +0000, Chris Rees wrote: > > On 25 Mar 2012 13:51, "Radim Kolar" wrote: > > > > > > please do not remove this pgsql branch. its newest branch using old > > postgresql-contrib full text search engine. Upgrading to 8.3+ is not > > possible for such applications. > >=20 > > I'm afraid it's not only end of life by upstream, but also vulnerable in > > more than one CVE, and will not be fixed. > Why is presence of a CVE relevant for 90% of all port users ? How are we supposed to know how people are using the ports? It is impossibl= e to know how much the CVE will impact our users, keeping ports with known unfix= ed CVE is proposing potentially risky software to our users, which is not acceptab= le. If upstream has dropped their support for a given version, a maintainer has= two choices: do himself the active support instead of upstream, or follow upstr= eam policy and drop the port. regards, Bapt --xXmbgvnjoT4axfJE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk9wDQAACgkQ8kTtMUmk6ExUFACgnxWGEXSgAf+LB9LVn5avnrob azAAoKLQgnLjDO48IHsh1Rr59V/2VFl/ =8x8b -----END PGP SIGNATURE----- --xXmbgvnjoT4axfJE--