www/dotproject out of date and vulnerable

Kris Kennaway kris at obsecurity.org
Tue Sep 19 15:23:02 PDT 2006


On Tue, Sep 19, 2006 at 03:18:01PM -0700, Fred Cox wrote:
> It's current state is that it will install a
> vulnerable version with either the installed php and
> mysql client or php5 and mysql5.  In the latter case,
> there are many bugs in the installed port.
> 
> If I submit what I have now, it will install the
> updated version with PHP4.  The user will still have
> to track down the mysql problem until I can do the
> right thing, but there will be a period of time while
> I learn about making a port from scratch.
> 
> I'm trying to get a read on whether imperfect
> improvement is worth checking in, or whether the
> typical thing is to wait for perfection, even if that
> might take a while.

"Will fail to package" is pretty far from perfection in my book :)

Mark the port FORBIDDEN if you have to, but a port that will not build
with default settings should not be committed.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/9d29bc7a/attachment.pgp


More information about the freebsd-ports mailing list