Date: Tue, 30 Aug 2011 11:55:25 -0700 From: Doug Barton <dougb@FreeBSD.org> To: "freebsd-ports@FreeBSD.org" <freebsd-ports@FreeBSD.org> Subject: Re: Why do we not mark vulnerable ports DEPRECATED? Message-ID: <4E5D321D.9020209@FreeBSD.org> In-Reply-To: <20110830152920.GB69850@guilt.hydra> References: <4E5C79AF.6000408@FreeBSD.org> <20110830152920.GB69850@guilt.hydra>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/30/2011 08:29, Chad Perrin wrote: > On Mon, Aug 29, 2011 at 10:48:31PM -0700, Doug Barton wrote: >> I'm doing some updates and came across mail/postfix-policyd-spf which >> relies on mail/libspf2-10. The latter had a vuxml entry added on >> 2008-10-27. So my question is, why has mail/libspf2-10 been allowed to >> remain in the tree vulnerable for almost 3 years? >> >> Wouldn't it make more sense to mark vulnerable ports DEPRECATED >> immediately with a short expiration? When they get fixed they get >> un-deprecated. If they don't, they get removed. Can someone explain why >> this would be a bad idea? > > Might that not interfere with the process of getting a new maintainer for > a popular port when its previous maintainer has been lax (or hit by a > bus)? Sorry if I'm being dense, but I'm not seeing the connection. Can you elaborate? Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E5D321D.9020209>