Date: Thu, 21 Dec 2017 08:24:59 +0100 From: Matthias Andree <matthias.andree@gmx.de> To: Adam Weinberger <adamw@adamw.org> Cc: Eugene Grosbein <eugen@grosbein.net>, Ted Hatfield <ted@io-tx.com>, freebsd-ports@freebsd.org, Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> Subject: Re: Procmail got updated! Message-ID: <f02e8c58-4fc5-6fd9-ed06-02e3077e67e8@gmx.de> In-Reply-To: <B51F1354-44C9-4936-A78B-84F34A4516B5@adamw.org> References: <alpine.BSF.2.21.1712181012470.92288@aneurin.horsfall.org> <a3a1097d-22c7-89cc-dd69-b4ceeebf7228@gmx.de> <alpine.BSF.2.20.1712181824220.10261@io-tx.com> <f68594db-396b-0821-e90d-3f089781e8fd@gmx.de> <5A39F7C9.1030800@grosbein.net> <05504d3c-3225-e83f-8f10-225319421a35@gmx.de> <B51F1354-44C9-4936-A78B-84F34A4516B5@adamw.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 21.12.2017 um 06:07 schrieb Adam Weinberger: >> On 20 Dec, 2017, at 17:19, Matthias Andree <matthias.andree@gmx.de> >> wrote: >> >> Am 20.12.2017 um 06:40 schrieb Eugene Grosbein: >>> On 20.12.2017 01:03, Matthias Andree wrote: >>> >>>> Dear Ted, Eugene, >>> [skip] >>> >>> What happened with old good "Tools, not policy" thing? >> >> It's simpler than that, no policy involved. >> >> The tool had a hollow head, and broke after several years of banging i= t, >> and the former tool maker told the public it's out of warranty (never >> was in due to it being free) and not being fixed any more, and should = be >> scrapped. > > I'm a little unsettled by this discussion, because it is moving into > territory with which we have very little precedent. And the precedent > that it would establish is not wholly within our mandate. > > FreeBSD ports provides the best available versions of software to run > on FreeBSD---we have traditionally been very conservative in > deprecating software. The mere fact that there are better alternatives > is not sufficient reason to take it away from people. When it ceases > to work, or is intolerably dangerous, then it is incumbent upon us to > act. You know far, far more about the intricacies of email than I do, > Matthias, so please correct me if I am incorrect here, but I'm not > aware of procmail being unsuitably dangerous for admins who make a > conscious decision to use it. > <https://marc.info/?l=3Dopenbsd-ports&m=3D141634350915839&w=3D2> is all i= t needs to mount the various mentioned cases, such as dangerous, bitrotten and whatever other arguments have been asked for. Given two CVEs and another crasher fixed in 3.22_5, that is reason enough to reconsider. We either need to take responsibility and have the port audited and someone paid to maintain it properly, or remove it, or at least we need to move it into the poison cabinet and lock it up (i. e. set DEPRECATED due to missing upstream maintenance and FORBIDDEN + NOPACKAGE due to it being dangerous), This is not to belittle ache@ (until 2011) or sunpoet@s and the contributors' efforts, but really about the upstream software that we are shipping.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f02e8c58-4fc5-6fd9-ed06-02e3077e67e8>