Re: git: 020281bef16d - main - archivers/fastjar: remove undue deprecation of maintained port

In reply to: Fernando_Apesteguía : "Re: git: 020281bef16d - main - archivers/fastjar: remove undue deprecation of maintained port"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Daniel Engberg <daniel.engberg.lists_at_pyret.net>
Date: Sat, 30 Mar 2024 19:53:58 UTC

On 2024-03-30T17:00:08.000+01:00, Fernando Apesteguía <fernando.apesteguia@gmail.com> wrote:
>  El sáb, 30 mar 2024, 14:21, Daniel Engberg <daniel.engberg.lists@pyret.net>
> escribió:
> 
> 
> >    On 2024-03-30T09:06:51.000+01:00, Gleb Popov <arrowd@freebsd.org> wrote:
> > 
> > >      On Sat, Mar 30, 2024 at 8:38 AM Alexey Dokuchaev <danfe@freebsd.org>
> >   wrote:
> > 
> > >    
> > > 
> > > >     
> > > >     The branch main has been updated by danfe:
> > > >   
> > > >     URL:
> > >   https://cgit.FreeBSD.org/ports/commit/?id=020281bef16d866a64bac35850f21ae27f956b5c
> > > 
> > > >  
> > > > >     
> > > > >     commit 020281bef16d866a64bac35850f21ae27f956b5c
> > > > >     Author:     Alexey Dokuchaev <danfe@FreeBSD.org>
> > > > >     AuthorDate: 2024-03-30 05:36:18 +0000
> > > > >     Commit:     Alexey Dokuchaev <danfe@FreeBSD.org>
> > > > >     CommitDate: 2024-03-30 05:36:18 +0000
> > > > >   
> > > > >         archivers/fastjar: remove undue deprecation of maintained port
> > > >   
> > > >   It is my personal opinion, but I think that one should assume
> > > >   maintainership when undeprecating a port (especially maintained by a
> > >   group)
> > > 
> > >  I also found an old CVE which I don't know if it's fixed or not.
> > >  https://www.opencve.io/cve/CVE-2006-3619
> >  
> > 
> > If you don't know, then it is not an argument to keep the port deprecated.
> > If you are, then it might be. Even in that case, as per the handbook, ports
> > with security issues are marked as FORBIDDEN, not DEPRECATED:

Did I state anywhere that as a reason for deprecation?

> > 
> > https://docs.freebsd.org/en/books/porters-handbook/book/#security-fix
> > 
> > 
> > 
> > 
> > >   
> > >  There's also a fork here from what I can tell:
> > >  http://download.savannah.nongnu.org/releases/fastjar/
> > > 
> > >  I don't know if it's worth keeping for less than a sec of processing and
> > >  newer version of openjdk might have improved performance too (openjdk8 is
> > >  pretty old).
> > > 
> >  
> > *might*? I think arguments for or against deprecating should not be guesses.

Please clarify your reference

> > 
> > Don't get me wrong, I'm all for keeping the ports tree clean, but these "a
> > posteriori" (non) arguments sound a bit weak :-)

I have no idea what you read.

> > 
> > 
> > 
> > >    Best regards,
> > >  Daniel
> > 

Best regards,
Daniel