Date: Fri, 19 Nov 2021 14:41:10 -0800
From: Mel Pilgrim <list_freebsd@bluerosetech.com>
To: Eugene Grosbein <eugen@grosbein.net>, Rene Ladan <rene@freebsd.org>, Maxim Sobolev <sobomax@freebsd.org>
Cc: ports@freebsd.org, portmgr@freebsd.org, python@freebsd.org
Subject: Re: Bringing back lang/python27 with few modules?
Message-ID: <09b3a479-5aca-7524-bcee-f03754fefd7c@bluerosetech.com>
In-Reply-To: <eb522655-e199-62f2-1a02-b0ae16143421@grosbein.net>
References: <CAH7qZfvBQ0gKEdOn7nTuzAbMOG9LM2DVGyUs9b9PGwNgJTDCAw@mail.gmail.com> <CAH7qZfu32O8G2bDboOu4oXJTnofu_73OkU5aNodB7k%2B7xh%2B3UA@mail.gmail.com> <YZTWdBIF7MhjLqqC@freefall.freebsd.org> <eb522655-e199-62f2-1a02-b0ae16143421@grosbein.net>

On 2021-11-18 0:43, Eugene Grosbein wrote:
> 17.11.2021 17:16, Rene Ladan wrote:
>> On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote:
>>> P.S. AFAIK our documented criteria for removing a port is when one of the
>>> following is true:
>>> o Port lacks maintainership;
>>> o Port has issues building on supported releases;
>>> o Port clearly has no users/use;
>>> o Port has some serious security issues.
>>>
>>> The lang/python27 did not belong to either of those bins, IMHO.
>>
>> "Unmaintained upstream" is also a criterion, and Python 2.7 fits there.
>
> This is a bad criterion for open source software and should not be considered without other reasons
> like "unfetchable" or "has known critical vulnerabilities".

It very likely has known critical vulnerabilities. For example, CVE-2021-3177 is a potential RCE bug in Python 3.x. It was officially fixed upstream, and the backported fix is found in Python 2.7 LTS contracts.
