mi+thun at aldan.algebra.com
Wed Sep 7 16:22:00 UTC 2011
On -10.01.-28163 14:59, Chris Rees wrote:
> I don't actually think they've been divisive -- it's been policy for years.
The policy -- up until fairly recently -- was to remove ports, that *fail to
build* for a while. This made sense -- if the port remains unbuildable long
enough, then, certainly, it is no longer in use.
The /new/ policy of removing ports for much lighter offenses, such as having
vulnerabilities, has already caused so many objections, that it is time to
> I don't call four weeks for software with a security vulnerability short
> notice. We count a maintainer timeout as half that.
A "maintainer timeout" will allow another developer to perform a fix. To
completely remove the port (if that has to happen at all), a much longer warning
> My problem with 'whining' (perhaps a less emotional response from me would
> have been better) was the sheer number of people stepping up and refusing to
> provide any fixes, just criticising me for wanting to remove something. It's
> just not constructive.
Yes, the matter is exactly that: your wanting to remove something, that
continues to build and remains in use. You followed, what you think is "an old"
policy, and are getting flack from people like myself, who object to the (new)
policy. Nothing personal...
> Patches gratefully received (this is a volunteer effort after all....)
Again. This is not about a particular port -- Julian, myself, and other
objectors can fix /any/ port, but we can not fix them /all/, so blaming us for
not submitting patches is wrong.
We object to the new policy, because we believe, only those ports, that fail to
build, ought to be removed. Problematic ports ought to remain in the tree (as
long as they build) -- to make it easier for people to continue using them
and/or offer to maintain them. If there remains a vulnerability, then, of
course, a loud warning (with a link to the advisory(ies)) is in order, but the
users ought to make their own choices and evaluations.
More information about the freebsd-ports