www/dotproject out of date and vulnerable
Kris Kennaway
kris at obsecurity.org
Tue Sep 19 15:23:02 PDT 2006
On Tue, Sep 19, 2006 at 03:18:01PM -0700, Fred Cox wrote:
> It's current state is that it will install a
> vulnerable version with either the installed php and
> mysql client or php5 and mysql5. In the latter case,
> there are many bugs in the installed port.
>
> If I submit what I have now, it will install the
> updated version with PHP4. The user will still have
> to track down the mysql problem until I can do the
> right thing, but there will be a period of time while
> I learn about making a port from scratch.
>
> I'm trying to get a read on whether imperfect
> improvement is worth checking in, or whether the
> typical thing is to wait for perfection, even if that
> might take a while.
"Will fail to package" is pretty far from perfection in my book :)
Mark the port FORBIDDEN if you have to, but a port that will not build
with default settings should not be committed.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060919/9d29bc7a/attachment.pgp
More information about the freebsd-ports
mailing list