Re: Proposed ports deprecation and removal policy
Date: Thu, 14 Mar 2024 20:49:46 UTC
> On 14. Mar 2024, at 21:38, Daniel Engberg <daniel.engberg.lists@pyret.net> wrote: > > On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eugen@grosbein.net> wrote: >> 12.03.2024 3:24, Daniel Engberg пишет: >> >> [skip] >> >> >>> Another possible option would be to add something to the port's matedata that makes pkg aware and easy notiable >>> like using a specific color for portname and related information to signal >>> like if it's red it means abandonware and potentially reduced security. >> >> Of course, we need to inform users but not enforce. Tools, not policy. >> > Eugene > > Hi, > > Given that we seem to agree on these points in general why should such ports still be kept in the tree? We don't have such tooling available and it wont likely happen anytime soon. Because it's convenient for a committer who uses these in a controlled network despite being potentially harmful for others? > > Just to be clear, I'm after where do we draw the line in general. > > If we look at other distros in general based on availability the decision seems to favour overall user security than "convenience". Given that we have security policies etc in place I'd say that we in general are leaning towards user security? So your proposal is to only have ports in the tree that are safe to run on unprotected public networks? -m