saving a few ports from death
Erik Trulsson
ertr1013 at student.uu.se
Wed Apr 27 22:01:48 UTC 2011
On Wed, Apr 27, 2011 at 05:05:57PM -0400, Eitan Adler wrote:
> >> apache13 is EOL upstream. We should not have ports for EOL software.
> >
> > Why not, exactly?..
>
> What happens if a security hole or a bug is found? Are we the ones to
> fix it? If yes are we to host the patches? Where should the bug
> reports go to - our bug tracker? What if our implementation ceases to
> match established documentation? Should we host the docs too?
"We"? Who is this "we" you keep talking about here?
If a port has a security hole then it is up to the maintainer to find a
fix for it - if this fix is a patch he/she comes up with or a switch to
a newer upstream version is irrelevant.
If there is no maintainer and nobody else provides a fix either, it is
time to mark the port as FORBIDDEN and DEPRECATED and remove it after
the deprecation period expires, just like how other broken ports are
handled.
>
> The ports collection is one of *third party* software (with a couple
> of small exceptions). If the third party says "this program is done,
> has bugs which won't be fixed, etc" we should no longer support it.
Depends on what you mean by "support", but removing a port just because
upstream development has ceased is just plain silly.
--
<Insert your favourite quote here.>
Erik Trulsson
ertr1013 at student.uu.se
More information about the freebsd-ports
mailing list