[Bug 281837] Handbook "CentOS Base System from FreeBSD Packages" recommends deprecated packages

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 19 Oct 2024 09:58:28 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281837

--- Comment #45 from Fernando Apesteguía <fernape@FreeBSD.org> ---
(In reply to Alexander Ziaee from comment #43)


> Can we convey the information of 1. What is going on in this chapter and 2. The
> security risk involve; without terrorizing the user?

"terrorizing"? Really? Quite an hyperbole I think.

> Can we use a combination of both? Clear warning in normal text in opening,

Clear warning in normal text is a contradiction in itself. *Many* people don't
read the text paragraph. Installing the linux base packages is a oneliner.
People see the oneliner, execute it and go on with their lives :-)

> FreeBSD desktop is for nerds, and they get very alarmed when someone is screaming at them.

That was very uncalled for. Don't use that adjective and/or assume people have
some kind of specific mental trait.

> Then if a warning box is truly improving the security environment it can go at the end like usual boxes?

This was discussed in the review, and nobody objected. Only after the commit
which is unfortunate and kind of unfair if you ask me. See
https://reviews.freebsd.org/D47017#inline-281657

Note that I don't say this commit is perfect (or even good) because it had a
backing review. What I say is that this discussion should have happened there.

Now, the *objective truth*, the *fact* is that c7 packages are *deprecated
upstream*. And we know what that means: no bugfixing, no security updates.

What I see here: https://github.com/shkhln/linuxulator-steam-utils/issues/143
is people saying the package is going away, which is false. The package does
not have an EXPIRATION_DATE. The same way, an unmaintained port does not go
away, but it means it is more likely to have unresolved issues.

The other thing I see in that link is someone saying "I kind of expected the
same people that contributed the newer linux base to do the necessary
preparation work". 

Well, patches are always welcome.

The fact that we have a new linux base system has nothing to do with the fact
that c7 packages are deprecated upstream. I don't think hiding the implications
of using c7 packages under the rug is a good policy.

-- 
You are receiving this mail because:
You are on the CC list for the bug.