From: Michael Gmelin
To: void
Cc: ports@freebsd.org
Subject: Re: Proposed ports deprecation and removal policy
Date: Sat, 16 Mar 2024 11:28:52 +0100
Message-Id: <883C5440-68BE-4ECC-9CB6-E30253E931C9@freebsd.org>
In-Reply-To: <496936f9-b925-4dd4-9e86-6220088fb964@app.fastmail.com>
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

> On 16. Mar 2024, at 10:45, void wrote:
>
> On Sat, 16 Mar 2024, at 08:28, Miroslav Lachman wrote:
>
>> For vulnerabilities, there is VuXML and pkg audit, not removing
>> vulnerable port from the tree.
>
> I'm talking about *moving* them to a *different* tree, with different
> priorities, so preserving choice while implicitly informing of risks,
> and decreasing the maintenance burden to those running port infra.
> I'd imagine some threshold would need to be decided on.
>
>> If you are asking to remove ports without maintainer, you are asking to
>> remove 3458 ports right now, and many others depends on these
>> unmaintained ports, so the impact will be much bigger.
>> Some unmaintained ports are almost vital - for example without
>> virtual_oss you cannot use Bluetooth headphones / speakers connected to
>> FreeBSD.
>
> I'm not asking to remove anything, just move to a different tree.

Yeah, it’s like after a failed investment your money is not really gone, it’s just somewhere else.

> People could
> follow one or the other depending on their (for example) security posture.
> They'd be able to easily make an informed choice.
> --

Seriously, the “other” tree would rot in no time, this is not practical (it’s also interesting how the discussion moved from ‘ports unmaintained upstream’ to ‘ports without a maintainer’). If the goal is to have a pure system nobody uses, please go ahead.

I (still) think an approach where `pkg audit` warns about unmaintained ports (and ports without an upstream maintainer), maybe even having config options that prevent the installation of such ports - which could be on by default - would be a way to allow people to make informed decisions without removing these ports from the tree.

-m