From owner-freebsd-ports@FreeBSD.ORG  Tue Jan  8 22:59:32 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 78F5177C
 for <freebsd-ports@freebsd.org>; Tue,  8 Jan 2013 22:59:32 +0000 (UTC)
 (envelope-from freebsd-ports@m.gmane.org)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 2797815C
 for <freebsd-ports@freebsd.org>; Tue,  8 Jan 2013 22:59:32 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <freebsd-ports@m.gmane.org>) id 1Tsi91-0005gF-Gj
 for freebsd-ports@freebsd.org; Tue, 08 Jan 2013 23:59:43 +0100
Received: from a91-154-115-217.elisa-laajakaista.fi ([91.154.115.217])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <freebsd-ports@freebsd.org>; Tue, 08 Jan 2013 23:59:43 +0100
Received: from rakuco by a91-154-115-217.elisa-laajakaista.fi with local
 (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00
 for <freebsd-ports@freebsd.org>; Tue, 08 Jan 2013 23:59:43 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-ports@freebsd.org
From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
Subject: Re: Why delete KDE3 ports?
Date: Wed, 09 Jan 2013 00:59:15 +0200
Lines: 19
Message-ID: <87mwwjnuws.fsf@FreeBSD.org>
References: <mailman.202.1357547625.2166.freebsd-ports@freebsd.org>
 <50EADA33.9010308@aldan.algebra.com> <50EB16B2.4070502@FreeBSD.org>
 <50EB1991.8010400@marino.st>
 <CA+tpaK1t4TUPeAZATVPO=KZPdwk4aksMDGeWxiMP7HCLcM8S_g@mail.gmail.com>
 <87txqro2jw.fsf@FreeBSD.org> <50EC8004.4020106@marino.st>
Mime-Version: 1.0
Content-Type: text/plain
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: a91-154-115-217.elisa-laajakaista.fi
User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.2 (berkeley-unix)
Cancel-Lock: sha1:O1WSN2ltFZu++f1+icpON+174Dk=
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jan 2013 22:59:32 -0000

John Marino <freebsdml@marino.st> writes:

> On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
>> Additionally, I'd argue that it is hard for it to be "known insecure"
>> since upstream does not maintain it even for security vulnerabilities
>> anymore, so security problems have nowhere to be reported and
>> vulnerabilities common to KDE3 and KDE4 only get published and fixed in
>> the latter.
>
> This doesn't count?
> http://cve.mitre.org/cve/
> http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
>
> It seems to be there is somewhere to report them...

The vulnerabilities disclosed in those places are normally published
after upstream has been contacted and come up with a fix for the
security issue, so I don't think the lack of new KDE3 advisories
compared to KDE4 ones means the former is safer.