From nobody Sat Mar 16 08:28:23 2024 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TxZ5H30ZNz5CpdL for ; Sat, 16 Mar 2024 08:28:35 +0000 (UTC) (envelope-from SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TxZ5F6kmlz4RVD for ; Sat, 16 Mar 2024 08:28:33 +0000 (UTC) (envelope-from SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=quip.cz header.s=private header.b=0seSEa+R; dkim=pass header.d=quip.cz header.s=private header.b=c4hiVUTl; dmarc=none; spf=none (mx1.freebsd.org: domain of "SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz" has no SPF policy when checking 94.124.105.4) smtp.mailfrom="SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz" Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id AE29AD7889 for ; Sat, 16 Mar 2024 09:28:24 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private; t=1710577704; bh=EWRgqYysxDnNnAj7NeRRr3EAOSUO8kEtU9E+YRg6U5k=; h=Date:Subject:To:References:From:In-Reply-To; b=0seSEa+RehfCAvGuVXkpVEtzHcnv9kNPX9diPnKBc3gh6Op0LctDzIyx09J6CZi/m +GdT16EXzmMCq9KuR++oGDoTdMm7bS24jLcCo35mk3QJ20JK0q3uR0+ePTtVFWQhCY LJHR13J6ft2af/VLvRRiS3Gvy5y6TPJekivVq8sg= Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 9CB6ED7884 for ; Sat, 16 Mar 2024 09:28:23 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private; t=1710577703; bh=EWRgqYysxDnNnAj7NeRRr3EAOSUO8kEtU9E+YRg6U5k=; h=Date:Subject:To:References:From:In-Reply-To; b=c4hiVUTlqQCXl04RAO4DFX+C/+jL+DiHyVYErC2o3rx/D2F8ZolAFFKYY/n1xh6cV l0TSjbsrc3lvkvkxrrWtoMF0ES8xNRwQ8NNZ2Y23UA3AhXSLVYqGDv0k81NN+P0EWC 0JJE8Is2azVZKbV1fqGEk+FpXOuYr0b43RDg24Ao= Message-ID: <514c12bf-0605-4d83-96e6-132507ce470d@quip.cz> Date: Sat, 16 Mar 2024 09:28:23 +0100 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Proposed ports deprecation and removal policy To: ports@freebsd.org References: <7a7501f71442d27f6d8c1c0a16f247c1@mail.infomaniak.com> <7fd610fa25ffb9a4348aaadf7459a689@mail.infomaniak.com> <20240315072753.46ffa39e1bbb2e0996099cdf@dec.sakura.ne.jp> <2cfb2038d956813eefb068a8f61e1970@mail.infomaniak.com> <2a868d2a-649e-4b76-870d-2cd8cfeb4f7d@app.fastmail.com> Content-Language: en-US From: Miroslav Lachman <000.fbsd@quip.cz> In-Reply-To: <2a868d2a-649e-4b76-870d-2cd8cfeb4f7d@app.fastmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz]; R_DKIM_ALLOW(-0.20)[quip.cz:s=private]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; R_SPF_NA(0.00)[no SPF record]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[quip.cz]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; MLMMJ_DEST(0.00)[ports@freebsd.org]; FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=ejvT=KW=quip.cz=000.fbsd@elsa.codelab.cz]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org]; DKIM_TRACE(0.00)[quip.cz:+] X-Rspamd-Queue-Id: 4TxZ5F6kmlz4RVD On 16/03/2024 02:48, void wrote: > On Thu, 14 Mar 2024, at 22:59, Daniel Engberg wrote: > >> Since we've moved to git perhaps another option might be to create a separate >> repo (possibly via submodules) with less restricive polices and have >> that as an "add-on" for the official tree without the ports team's and >> committers's involvement, a bit like "you're on your own" approach? > > 100% agree with this. Stuff with an active maintainer: keep in the official tree. > Stuff without, or stuff that depends on stuff without - into the > 'unsupported' tree. Some distros (notably Debian) do this. It's 2024 > not 1994 and most computers are connected to the internet either directly or indirectly. I'd argue there is no place in the official tree for > poorly/non-maintained ports. > > I imagine having such a system would markedly decrease the maintenance burden of those responsible for the port infrastructure. > > As a user of ports (a dev only in the sense of reporting issues if one can be a dev in that sense) i feel it would be better to *not have a port at all in the official tree* than to have one which is not maintained and possibly or probably > vulnerable. Remember that not all vulns make it into the vulxml. Having different trees would help new and older users alike to trust ports, and would add > to transparency of freebsd generally. > > just my $0.02 Maintained ports are vulnerable as well, and sometimes somebody else has to submit a patch for an updated version to fix the vulnerability. (I personally have this experience) For vulnerabilities, there is VuXML and pkg audit, not removing vulnerable port from the tree. If you are asking to remove ports without maintainer, you are asking to remove 3458 ports right now, and many others depends on these unmaintained ports, so the impact will be much bigger. Some unmaintained ports are almost vital - for example without virtual_oss you cannot use Bluetooth headphones / speakers connected to FreeBSD. Therefore writing "one size fits all" rules for 32k+ ports is not that easy. There are too many personal views to this simple problem. Kind regards Miroslav Lachman