From nobody Mon Feb 07 20:31:13 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0F58319B4251; Mon, 7 Feb 2022 20:31:16 +0000 (UTC) (envelope-from leres@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JsyTc00Nyz4b9M; Mon, 7 Feb 2022 20:31:16 +0000 (UTC) (envelope-from leres@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644265876; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LDggWSpo9PjmY6sTUcXSSdVkvM4HieTIO8AOP6MMgcM=; b=RkDY90NXLex6ZcOynyM7DSlP7cJ6I4FqHlGxgRL2sME6Bw3dlfYOBTkCxClHZChG06KL2y opJZ3m1jHOhGN0lZmIYkHoisYJ5aWNzExhj8XTvhcGtzv4zEaKsPSiC9GexucdCwDK/m0E a497gx9zduvXkHiFw8QqirMn/huAtOzFwgvhTLbpdBNv69XUbLkm75suyo8K2P0SiaL4ef pZxm+vAQGunP15QAahyvwdnkhFdZ4BOzbCabSQse8otcHjqh82MihYG/5cV83DirruYIZj YR1ymfrdqLFm+jVniUvf8x8LrckBgWE18ucLFgB3DHVKEm3Oz4z6Fn/lUXEd7Q== Received: from [IPV6:fd:1965::2] (unknown [IPv6:2600:1700:a570:e20:f2ad:4eff:fe09:150e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: leres) by smtp.freebsd.org (Postfix) with ESMTPSA id 4990616A; Mon, 7 Feb 2022 20:31:15 +0000 (UTC) (envelope-from leres@freebsd.org) Message-ID: <701ebf17-044c-569f-9d61-98ea9fde8581@freebsd.org> Date: Mon, 7 Feb 2022 12:31:13 -0800 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: git: 64fde89d4902 - main - databases/db5: nuke SQL option and abandon port Content-Language: en-US To: Matthias Andree , ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org References: <202201262301.20QN1xnD006453@gitrepo.freebsd.org> From: Craig Leres In-Reply-To: <202201262301.20QN1xnD006453@gitrepo.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644265876; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LDggWSpo9PjmY6sTUcXSSdVkvM4HieTIO8AOP6MMgcM=; b=lesfqyr58h42A50AIObxXMrj4LwIl7JPZdQOJpJWe1ycY82o9WCPXDcdnAPv5dINhf3qtx aI0zRiaRvhwOW5wDxGuPuNNvvt1I5JJ1aB5N9tiA2yEPXoNVz+s1R0pxMfTloPuLe6X4jH tffhubgHZPhDBbxV2dkVQ4DqTTqYqejDiFBNmPaD5VUzx4dyF/27uKa+UHudcBCNO3VB6E HvT6g07HqqE1pUax3ZcmiwJfhkofYIkBQkbMwevN2DQV2VifaAE9cTbcNJx2CPWIK3zu7h 1dR2bkDcG9/T8g7gS//JN/0jb/rg5+JrcCbAChGFOdIDKmxwo+q1b4QOtx+O7Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1644265876; a=rsa-sha256; cv=none; b=fVQ/9Ekl7ODq2fy5nwKAGkznq9kN/TiL/P+auyC6lW4o6XHwg8EgWcodV7T9jR/hCqZqYR LFW1CWSMKA1YU07hywGdBrMpgGL0f0T8nNFd5bcw3LS6oPtdYgWnCZiEtcLx6i7sFi1dyK fVK3N/v6929frFTk2SMa2tI1jDTYAzhOs4HVbZzsImjmfyBqqkrUDJtCQynF39DQ0GS8MO hSCAhVyMbPb+L8fTqeUuOqPW6qyUfokCqscZdZ+DgdNu96SWCjpQ1Qq7i8+OGDq83SedZD 3674mZ/YQGWDNy1dcTMY26Jw8eaqFaqkNwsJvnxXZ+36V+12y1yDH0Q9YcNczw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N On 1/26/22 15:01, Matthias Andree wrote: > The branch main has been updated by mandree: > > URL:https://cgit.FreeBSD.org/ports/commit/?id=64fde89d49029e00b86e66041f3dfda16725ead7 > > commit 64fde89d49029e00b86e66041f3dfda16725ead7 > Author: Matthias Andree > AuthorDate: 2022-01-26 22:41:18 +0000 > Commit: Matthias Andree > CommitDate: 2022-01-26 22:59:35 +0000 > > databases/db5: nuke SQL option and abandon port > > Security: CVE-2019-8457 > > The SQL option is vulnerable, and since this feature was always marked > experimental, nuke it, and backport to 2022Q1. > If someone needs the SQL interface in spite of its vulnerability, > please use: pkg lock -y db5. > > MFH: 2022Q1 > > I am marking the port for expiry and abandoning it because I will no > longer spend the increasing efforts to play hide and seek with Oracle's > patches, or backport sometimes bigger Linux distro patches (Red Hat, > Debian, who else?), or otherwise put up with how they have changed > availability of patches, documentation, or important information. > > FOR db5 USERS: > > One option is to upgrade to db18, but note that db versions 6 and 18 > are under the Affero GNU GPL v3 license, with implications for, > among others, software-as-a-service, and distributability of packages > linking against db. This is in stark contrast with db5's Sleepycat license. > > POTENTIAL MAINTAINERS: > > If someone wants to adopt this, review all the various patches in the > major other BSD distros and Linux distros, check if their patches can be > licensed under a sufficiently liberal license (ideally, MIT-like or > Sleepycat) and see what you need to import. I see that this change leaves us with the BDB_DEFAULT version of bdb marked for deprecation (see appended). Should the default change to 18? Craig Message from db5-5.3.28_8: -- ===> NOTICE: The db5 port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at: https://bugs.freebsd.org/bugzilla More information about port maintainership is available at: https://docs.freebsd.org/en/articles/contributing/#ports-contributing -- ===> NOTICE: This port is deprecated; you may wish to reconsider installing it: EOLd, potential security issues, maybe use db18 instead. It is scheduled to be removed on or after 2022-06-30.