Re: git: 307e28238343 - main - sysutils/screen49: Fix fetch

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Tue, 13 May 2025 17:38:04 UTC
In message <82b04ad4-5e23-42f9-837c-30e0facc3375@FreeBSD.org>, Daniel 
Engberg w
rites:
> On 2025-05-13 19:08, Cy Schubert wrote:
> > On Tue, 13 May 2025 18:53:08 +0200
> > Mathieu Arnold <mat@freebsd.org> wrote:
> > 
> >> On Mon, May 12, 2025 at 03:48:27PM -0700, Cy Schubert wrote:
> >>> Their tarball doesn't include security patches. Security patches are
> >>> included in their 4.9.1 branch but not in the tarball.
> >>>
> >>> Do you still want me to undo and mark the port FORBIDDEN?
> >>
> >> Please don't mark the port FORBIDDEN, the way you are getting the source
> >> is just fine.
> >>
> > 
> > Too late for fetching source from upstream's git repo. diizzy@
> > objected. It was reverted and forbidden. Now reverted back and the
> > patches have been imported directly into the port. It appears upstream
> > will not tag a new point release. We can keep screen49 for now but
> > it will be deprecated should there be any new unfixed CVEs.
> > 
> > The screen meta-port now points to screen50. People wishing to use the
> > old screen should install screen49. But they should plan on migrating
> > to screen/screen50. Screen 5.0's hardstatus parser had been rewritten.
> > It is no longer compatible with the previous hardstatus. Additionally
> > there are some regressions. I have opened a couple of tickets with
> > upstream regarding the regressions. Their parser doesn't work as they
> > expect.
> > 
> > Regardless, we must move forward. I would like to see screen49 removed
> > at some point.
> > 
>
> Thanks, ideally it should be deprecated as soon as upstream stops 
> supporting it and you can also look at alternatives such as tmux, cu, 
> tio etc depending on your usecase.

I didn't see any deprecation notice. The patches were applied to the 
screen-49 branch, as they were to the screen-50 branch. The screen-50 
branch was tagged v.5.0.1. The screen-49 branch was not tagged with a new 
tag. We can assume quasi support for now. I don't know how long that will 
last. They don't make deprecation announcements. Only new release 
announcements.

The fact that the patches were applied to the old branch but that it wasn't 
tagged may tell us that the bug was serious enough to backport it but not 
release a new 4.9. Probably best to deprecate it.

I think we should deprecate it at the end of 2025Q3 then.

>
> Best regards,
> Daniel

I will add an UPDATING notice that the new hardstatus parser is somewhat 
broken. I will not accept PRs to fix upstream's code. I will cut and paste 
our PRs wrt the parser into upstream bug tickets. I don't know how well 
their parser was tested. I've done the best I could with our sample 
hardstatus.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0