Why do we not mark vulnerable ports DEPRECATED?
Doug Barton
dougb at FreeBSD.org
Tue Aug 30 18:55:26 UTC 2011
On 08/30/2011 08:29, Chad Perrin wrote:
> On Mon, Aug 29, 2011 at 10:48:31PM -0700, Doug Barton wrote:
>> I'm doing some updates and came across mail/postfix-policyd-spf which
>> relies on mail/libspf2-10. The latter had a vuxml entry added on
>> 2008-10-27. So my question is, why has mail/libspf2-10 been allowed to
>> remain in the tree vulnerable for almost 3 years?
>>
>> Wouldn't it make more sense to mark vulnerable ports DEPRECATED
>> immediately with a short expiration? When they get fixed they get
>> un-deprecated. If they don't, they get removed. Can someone explain why
>> this would be a bad idea?
>
> Might that not interfere with the process of getting a new maintainer for
> a popular port when its previous maintainer has been lax (or hit by a
> bus)?
Sorry if I'm being dense, but I'm not seeing the connection. Can you
elaborate?
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the freebsd-ports
mailing list