Date: Wed, 10 Apr 2024 10:16:04 -0700
From: Chris
To: Brad D
Cc: freebsd-ports@freebsd.org
Subject: Re: Porting question related to modifying original source code
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On 2024-04-10 07:08, Brad D wrote:
> I’m still pretty fresh to porting here and was given feedback about some
> security and build concerns. I’ll be redoing my port and doing more testing
> (don’t mind iterating and improving especially when my reviewer was very
> kind and helpful).
>
> Is it uncalled for replacing problematic embedded libraries with equivalent
> ones in a port as a dependency if the library is in the repo and well
> maintained? It’s also not an essential part of the original app. An example
> of it being done if it’s a normal practice would be welcomed. Thanks

If I understand your question correctly: generally speaking, internal
libraries (to the port) are acceptable, especially as you seem to indicate
that they make the port more stable. As far as security goes, if it's
reasonably well maintained upstream with a decent security history, it
shouldn't be a problem. Firefox might be a good example here. It has a
number of internal libraries, and while there have been security issues in
the past, they have been met with in a reasonable time frame.

HTH

--
--Chris Hutchinson