From nobody Thu Apr 11 07:30:31 2024 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VFWZt6rShz5GtLq for ; Thu, 11 Apr 2024 07:31:02 +0000 (UTC) (envelope-from portmaster@bsdforge.com) Received: from udns.ultimatedns.net (udns.ultimatedns.net [24.113.41.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ultimatedns.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VFWZs4CWXz4Vl5 for ; Thu, 11 Apr 2024 07:31:01 +0000 (UTC) (envelope-from portmaster@bsdforge.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ultimatedns.net header.s=mx99 header.b=cBBODv0N; spf=none (mx1.freebsd.org: domain of portmaster@bsdforge.com has no SPF policy when checking 24.113.41.81) smtp.mailfrom=portmaster@bsdforge.com Received: from ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.16.1/8.16.1) with ESMTP id 43B7UWcQ029012; Thu, 11 Apr 2024 00:30:46 -0700 (PDT) (envelope-from portmaster@bsdforge.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ultimatedns.net; s=mx99; t=1712820646; x=1712821246; r=y; bh=XdH+98z0gdMrBf3GXTenapuwNeRgxwws6o8GH0Y8YeY=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=cBBODv0NJN7ZuLJRFPc9++JPG6yMjI5jwvnv6UCiTu5v1vcbFCIvdAoucR/D7TAPr eEoy/UuRDVWS05ONq7wj/E22ucPaPOB96x/UfWIvovFSWpa2ojbgMvDyjSmWVjwGj7 6UEWR9H0nMmOZTiPWhW9lgngb1Z03ypICiN95ykNG9VRhozf6jmwDNuKLbcQq7i2dh 5S4jwx25aaYEfWbHDyV1EN6mVvw8zV66qoB9e6LPnpv6vx1P+S77eDB6rh0L5zeLgw ZJT5VEferfqiYEO5hoZQNnCkrg7Tq3AXgqtlg5GwmBdZh5wtRJx4vlUcF10xe9V+R7 MNmzLCusIrPvA== List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Date: Thu, 11 Apr 2024 00:30:31 -0700 From: Chris To: Brad D Cc: freebsd-ports@freebsd.org Subject: Re: Porting question related to modifying original source code In-Reply-To: References: User-Agent: UDNSMS/17.0 Message-ID: <524ecefacf36399cfae91ee02a925212@bsdforge.com> X-Sender: portmaster@bsdforge.com Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: / X-Rspamd-Pre-Result: action=no action; module=multimap; Matched map: local_wl_ip X-Spamd-Result: default: False [-0.20 / 15.00]; R_DKIM_ALLOW(-0.20)[ultimatedns.net:s=mx99]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; local_wl_ip(0.00)[24.113.41.81]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org]; ASN(0.00)[asn:11404, ipnet:24.113.0.0/16, country:US]; FROM_EQ_ENVFROM(0.00)[]; R_SPF_NA(0.00)[no SPF record]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[ultimatedns.net:+] X-Rspamd-Queue-Id: 4VFWZs4CWXz4Vl5 On 2024-04-10 10:16, Chris wrote: > On 2024-04-10 07:08, Brad D wrote: >> I’m still pretty fresh to porting here and was given feedback about some >> security >> and build concerns. I’ll be redoing my port and doing more testing (don’t >> mind >> iterating and improving especially when my reviewer was very kind and >> helpful). >> >> Is it uncalled for replacing problematic embedded libraries with equivalent >> ones >> in a port as a dependency if the library is in the repo and well >> maintained? It’s >> also not an essential part of the original app. An example of it being done >> if >> it’s a normal practice would be welcomed. Thanks > If I understand your question correctly; > Generally speaking, internal libraries (to the port) are acceptable, > especially as you seem to indicate, that they make the port more stable. As > far > as security goes; if it's reasonably well maintained upstream with a decent > security history. It shouldn't be a problem. Firefox might be a good example > here. > It has a number of internal libraries, and while there have been security > issues > in the past. They have been met with in a reasonable time frame. > > HTH OK it seems I misinterpreted the question. The answer Gleb provided was (of course) the correct answer. Sorry for the misunderstanding. -- --Chris Hutchinson