saving a few ports from death
Charlie Kester
corky1951 at comcast.net
Wed Apr 27 21:37:57 UTC 2011
On Wed 27 Apr 2011 at 14:05:57 PDT Eitan Adler wrote:
>>> apache13 is EOL upstream. We should not have ports for EOL software.
>>
>> Why not, exactly?..
>
>What happens if a security hole or a bug is found? Are we the ones to
>fix it?
No. The rule of caveat emptor should apply. We don't warranty anything
else in the portstree, why would you think that there's an implied
warranty in this scenario?
>If yes are we to host the patches?
The question is moot, given a negative answer to the preceding one.
>Where should the bug reports go to - our bug tracker?
If they do get submitted there, they should be immediately closed as
"Won't Fix".
>What if our implementation ceases to match established documentation?
>Should we host the docs too?
Same answers as above.
>
>The ports collection is one of *third party* software (with a couple
>of small exceptions). If the third party says "this program is done,
>has bugs which won't be fixed, etc" we should no longer support it.
Keeping it in the tree != obligation to provide support, i.e., bugfixes
for anything except the port Makefile and other port-related files. As
long as there's a maintainer willing to do the work to keep it running
(warts and all) on the currently-supported FreeBSD releases, I don't see
any reason why it can't be kept in the tree.
>>>
>>> If upstream says it's dead, who are we to keep it alive?
>>
>> We are a major Operating System project, which maintains ports of
>> third-party applications for the convenience of our users. An
>> EOL-declaration by the authors does not mean, the users must stop using it
>> immediately -- it simply says, the authors will not be releasing
>> updates/bug-fixes.
>
>Correct. However (a) if the third party gave an upgrade path we should
>encourage our users to use it and (b) if there *are* known bugs and
>especially security holes we should cease to make it available through
>our tree.
Agree with (a) but maybe not (b). That's a decision that should be left
to the users.
>
> If a user says "I found an issue with X and it is EOL upstream" the
>correct response is to "upgrade to a supported version".
See above.
>However this discussion is different to the one that we started with
>(namely that of deprecated ports) so lets try and get back on track :-)
Actually, it's a closely related question.
More information about the freebsd-ports
mailing list