Subject: Re: Proposed ports deprecation and removal policy
From: Michael Gmelin
Date: Thu, 14 Mar 2024 21:49:46 +0100
To: Daniel Engberg
Cc: Eugene Grosbein, Florian Smeets, ports@freebsd.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

> On 14. Mar 2024, at 21:38, Daniel Engberg wrote:
>
> On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein wrote:
>> 12.03.2024 3:24, Daniel Engberg wrote:
>>
>> [skip]
>>
>>
>>> Another possible option would be to add something to the port's metadata that makes pkg aware and easily noticeable
>>> like using a specific color for portname and related information to signal
>>> like if it's red it means abandonware and potentially reduced security.
>>
>> Of course, we need to inform users but not enforce. Tools, not policy.
>>
> Eugene
>
> Hi,
>
> Given that we seem to agree on these points in general why should such ports still be kept in the tree? We don't have such tooling available and it won't likely happen anytime soon. Because it's convenient for a committer who uses these in a controlled network despite being potentially harmful for others?
>
> Just to be clear, I'm after where do we draw the line in general.
>
> If we look at other distros in general based on availability the decision seems to favour overall user security rather than "convenience". Given that we have security policies etc. in place I'd say that we in general are leaning towards user security?

So your proposal is to only have ports in the tree that are safe to run on unprotected public networks?

-m