Re: Proposed ports deprecation and removal policy
- In reply to: Eugene Grosbein : "Re: Proposed ports deprecation and removal policy"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Mar 2024 04:27:59 UTC
In message <8212dd5a-bcc2-e214-0373-6dbfddef65c2@grosbein.net>, Eugene Grosbein writes: > 15.03.2024 3:37, Daniel Engberg wrote: > > On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eugen@grosbein.net> wrot > e: > >> 12.03.2024 3:24, Daniel Engberg пишет: > >> > >> [skip] > >> > >> > >>> Another possible option would be to add something to the port's mateda > ta that makes pkg aware and easy notiable > >>> like using a specific color for portname and related information to sign > al > >>> like if it's red it means abandonware and potentially reduced security. > >> > >> Of course, we need to inform users but not enforce. Tools, not policy. > >> > > Eugene > > > > Hi, > > > > Given that we seem to agree on these points in general why should such port > s still be kept in the tree? > > A port should be kept in the tree until it works and has no known security pr > oblems, not imaginable. > > > We don't have such tooling available and it wont likely happen anytime soon > . > > Because it's convenient for a committer who uses these in a controlled netw > ork despite being potentially harmful for others? > > "Potentially harmful" is not valid reason to remove a port. Look at vulnerabi > lity history of any modern web browser. > We know they are full of security holes. All of them. And will be despite of > being supported by developers, it does not matter in fact. > Old software is often much more simple and secure despite of lack of support. > > Do not remove ports just due to theorizing. > > Eugene > > You have articulated three cogent points in your last three emails. Thank you. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0