svn commit: r433225 - head/security/pgp
Bernard Spil
brnrd at FreeBSD.org
Tue Feb 7 08:33:47 UTC 2017
On 2017-02-06 14:14, Mathieu Arnold wrote:
> Le 03/02/2017 à 15:06, Bernard Spil a écrit :
>> Author: brnrd
>> Date: Fri Feb 3 14:06:59 2017
>> New Revision: 433225
>> URL: https://svnweb.freebsd.org/changeset/ports/433225
>>
>> Log:
>> security/pgp: Mark deprecated
>>
>> - Security/privacy software last updated in 1996
>> has no place in security
>>
>> Modified:
>> head/security/pgp/Makefile
>>
>> Modified: head/security/pgp/Makefile
>> ==============================================================================
>> --- head/security/pgp/Makefile Fri Feb 3 13:24:53 2017 (r433224)
>> +++ head/security/pgp/Makefile Fri Feb 3 14:06:59 2017 (r433225)
>> @@ -13,6 +13,8 @@ COMMENT= PGP International version - Pub
>>
>> ONLY_FOR_ARCHS= i386 amd64 sparc64
>> BROKEN_amd64= unable to validate signatures
>> +DEPRECATED= Software released in 1996 has no place in the security
>> category. Use GnuPG in stead
>
> That sounds like some kind of personal statement. Which I do not think
> has its place in the ports framework.
> Are there known bugs, or security flaws that have not been addressed?
> Because if not, I do not see any reason to remove it.
>
>> +EXPIRATION_DATE= 2017-04-01
Hi Mathieu,
I've looked for vulnerabilities but this software is so old that it
pre-dates the databases. People needing 'pgp' may end up finding this
port and using it which should be prevented.
Agreed, this is more of a personal statement. I'm open for suggestions
for better wording.
Cheers,
Bernard.
More information about the svn-ports-all
mailing list