Date: Wed, 9 Nov 2011 23:24:35 +0100 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Stanislav Sedov <stas@deglitch.com> Cc: ports@FreeBSD.org Subject: Re: Recent ports removal Message-ID: <20111109222435.GD92221@azathoth.lan> In-Reply-To: <20111109124325.17efc0d1.stas@deglitch.com> References: <20111109124325.17efc0d1.stas@deglitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--cHMo6Wbp1wrKhbfi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 09, 2011 at 12:43:25PM -0800, Stanislav Sedov wrote: > Hi! >=20 > I noticed the following in the commit log: > % > % Modified files: > % . MOVED=20 > % devel Makefile=20 > % graphics Makefile=20 > % Removed files: > % devel/soup Makefile distinfo pkg-descr pkg-plist=20 > % devel/soup/files patch-Makefile.in patch-configure=20 > % patch-docs::reference::Makefile.in=20 > % patch-soup-0.7.11-gcc41=20 > % patch-src_libsoup_soup-message.c=20 > % patch-src_libwsdl_wsdl-soap-memory.c=20 > % patch-src_libwsdl_wsdl-soap-parse.c=20 > % patch-src_libwsdl_wsdl-typecodes.c=20 > % graphics/clutter-qt Makefile distinfo pkg-descr pkg-plist=20 > % graphics/librsvg Makefile distinfo pkg-descr pkg-plist=20 > % graphics/librsvg/files patch-Makefile.in patch-configure=20 > % patch-librsvg-config.in patch-rsvg-ft.c=20 > % patch-test-ft-gtk.c patch-test-ft.c=20 > % graphics/p5-clutter Makefile distinfo pkg-descr pkg-plist=20 > % Log: > % 2011-11-06 devel/soup: Unmaintain, use devel/libsoup > % 2011-11-06 graphics/clutter-qt: upstream distfile and doesn't build, a= nd %doesn't seem to be developed anymore > % 2011-11-06 graphics/p5-clutter: upstream distfile disappeard, and does= n't seem to be developed anymore > % 2011-11-06 graphics/librsvg: unmaintained and not used anymore >=20 > I just cannot get the commit message. librsvg -- not used by whom? Perso= nally, > I used it in one of my older projects (~ 10 years old) which I don't plan > to rework to use rsvg2/gtk2 because it doesn't make sense for it. So how > do I use my project now on FreeBSD? >=20 > It's also a lie that it's not maintained, it's maintained by ports@ maili= ng > list and the community. So please, restore it. >=20 > The same also probably goes for other ports, but I don't have enough deta= ils > to comment. >=20 > Thanks! >=20 They have been deprecated for a while and noone said anything about those, = that is the purpose of the DEPRECATED status. The "not used anymore" mean not us= ed in the portstree (ie no more depended on). If someone really needs it, he can:=20 1- install it by hand 2- maintain the port 3- just come up when someone deprecate it saying please undeprecate I really need it. 4- they should be a lot more options. I has been deprecated and removed just because upstream don't maintain it, = no one looks at the "maybe" security problem if any etc. Of course it could have been a mistake to remove this one in particular, in= that case sorry about that. Concerning the fact that it is "maintained" by ports@, if it would really b= e the case why it is still in the tree while it depends on libxml1 for which in a= bout 5s I find a security issue: http://web.nvd.nist.gov/view/vuln/detail?vulnId=3DCVE-2011-1944 which hasn'= t been reported and hasn't been fixed at all, which means librsvg1 is also vulnera= ble.=20 the problem is that those ports abandonned upstream are not really maintain anymore, and can lead to a real security problem. note that I don't know yet how the libxml1 vulnerability can have an impact= on librsvg, this is just a 5s example. regards, Bapt --cHMo6Wbp1wrKhbfi Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk66/aMACgkQ8kTtMUmk6EzotgCeJRvAVJSnczBly9wcoPPKE7vu NWwAoI0IXqgotjxCz01lixcWQFwKJmL0 =iEbd -----END PGP SIGNATURE----- --cHMo6Wbp1wrKhbfi--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111109222435.GD92221>