From nobody Fri Mar 15 07:25:10 2024
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Twwkm5J3pz5CnMV
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 15 Mar 2024 07:25:20 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from mail.rdtc.ru (ns3.rdtc.ru [62.231.190.2])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Twwkm0t9Rz4g0b
	for <ports@freebsd.org>; Fri, 15 Mar 2024 07:25:20 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail.rdtc.ru (RDTC Post Office Server, from userid 1000)
	id 670361CF08; Fri, 15 Mar 2024 14:25:18 +0700 (+07)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [62.231.161.221])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: egrosbein@rdtc.ru)
	by mail.rdtc.ru (RDTC Post Office Server) with ESMTPSA id 4B7F61CC48;
	Fri, 15 Mar 2024 14:25:16 +0700 (+07)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: flo@FreeBSD.org
Received: from [10.58.0.10] (dadvw [10.58.0.10])
	by eg.sd.rdtc.ru (8.17.1/8.17.1) with ESMTPS id 42F7PEDi099152
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
	Fri, 15 Mar 2024 14:25:14 +0700 (+07)
	(envelope-from eugen@grosbein.net)
Subject: Re: Proposed ports deprecation and removal policy
To: Daniel Engberg <daniel.engberg.lists@pyret.net>
References: <435edf7c-a956-4317-b327-3372de70dbef@FreeBSD.org>
 <1c5b7818-842f-f7b8-9d4e-5bf681cad20e@grosbein.net>
 <c5e3e5d2d058d90777828b88a0f1506e@mail.infomaniak.com>
 <64c7435c-2d69-1f62-ba7c-30812860a457@grosbein.net>
 <9646fd5d0666c8e57795ea1b370b6af1@mail.infomaniak.com>
 <b10cc27c-d2f9-5c81-115b-2f577ff6f825@grosbein.net>
 <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com>
Cc: Florian Smeets <flo@FreeBSD.org>, ports@freebsd.org
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net>
Date: Fri, 15 Mar 2024 14:25:10 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
In-Reply-To: <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,LOCAL_FROM,
	NICE_REPLY_A,SPF_PASS,T_DATE_IN_FUTURE_96_Q,T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=4.0.0
X-Spam-Report: 
	* -0.0 SPF_PASS SPF: sender matches SPF record
	* -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0000]
	*  0.0 T_DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after Received:
	*      date
	*  2.6 LOCAL_FROM From my domains
	* -0.0 T_SCC_BODY_TEXT_LINE No description available.
	* -2.5 NICE_REPLY_A Looks like a legit reply (A)
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on eg.sd.rdtc.ru
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:29072, ipnet:62.231.184.0/21, country:RU]
X-Rspamd-Queue-Id: 4Twwkm0t9Rz4g0b

15.03.2024 3:37, Daniel Engberg wrote:
> On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eugen@grosbein.net> wrote:
>>  12.03.2024 3:24, Daniel Engberg пишет:
>>
>> [skip]
>>
>>
>>>    Another possible option would be to add something to the port's matedata that makes pkg aware and easy notiable
>>>  like using a specific color for portname and related information to signal
>>>  like if it's red it means abandonware and potentially reduced security.
>>  
>> Of course, we need to inform users but not enforce. Tools, not policy.
>>
> Eugene
> 
> Hi,
> 
> Given that we seem to agree on these points in general why should such ports still be kept in the tree?

A port should be kept in the tree until it works and has no known security problems, not imaginable.

> We don't have such tooling available and it wont likely happen anytime soon.
> Because it's convenient for a committer who uses these in a controlled network despite being potentially harmful for others?

"Potentially harmful" is not valid reason to remove a port. Look at vulnerability history of any modern web browser.
We know they are full of security holes. All of them. And will be despite of being supported by developers, it does not matter in fact.
Old software is often much more simple and secure despite of lack of support.

Do not remove ports just due to theorizing.

Eugene