Re: Bringing back lang/python27 with few modules?

From: Mel Pilgrim <list_freebsd_at_bluerosetech.com>
Date: Fri, 19 Nov 2021 22:41:10 UTC

On 2021-11-18 0:43, Eugene Grosbein wrote:
> 17.11.2021 17:16, Rene Ladan wrote:
>> On Wed, Nov 17, 2021 at 12:37:07AM -0800, Maxim Sobolev wrote:
>>> P.S. AFAIK our documented criteria for removing a port is when one of the
>>> following is true:
>>>   o Port lacks maintainership;
>>>   o Port has issues building on supported releases;
>>>   o Port clearly has no users/use;
>>>   o Port has some serious security issues.
>>>
>>> The lang/python27 did not belong to either of those bins, IMHO.
>>
>> "Unmaintained upstream" is also a criterion, and Python 2.7 fits there.
> 
> This is a bad criterion for open source software and should not be considered without other reasons
> like "unfetchable" or "has known critical vulnerabilities".

It very likely has known critical vulnerabilities.  For example, 
CVE-2021-3177 is a potential RCE bug in Python 3.x.  It was officially 
fixed upstream, and the backported fix is found in Python 2.7 LTS contracts.