saving a few ports from death
corky1951 at comcast.net
Wed Apr 27 21:37:57 UTC 2011
On Wed 27 Apr 2011 at 14:05:57 PDT Eitan Adler wrote:
>>> apache13 is EOL upstream. We should not have ports for EOL software.
>> Why not, exactly?..
>What happens if a security hole or a bug is found? Are we the ones to
No. The rule of caveat emptor should apply. We don't warranty anything
else in the portstree, why would you think that there's an implied
warranty in this scenario?
>If yes are we to host the patches?
The question is moot, given a negative answer to the preceding one.
>Where should the bug reports go to - our bug tracker?
If they do get submitted there, they should be immediately closed as
>What if our implementation ceases to match established documentation?
>Should we host the docs too?
Same answers as above.
>The ports collection is one of *third party* software (with a couple
>of small exceptions). If the third party says "this program is done,
>has bugs which won't be fixed, etc" we should no longer support it.
Keeping it in the tree != obligation to provide support, i.e., bugfixes
for anything except the port Makefile and other port-related files. As
long as there's a maintainer willing to do the work to keep it running
(warts and all) on the currently-supported FreeBSD releases, I don't see
any reason why it can't be kept in the tree.
>>> If upstream says it's dead, who are we to keep it alive?
>> We are a major Operating System project, which maintains ports of
>> third-party applications for the convenience of our users. An
>> EOL-declaration by the authors does not mean, the users must stop using it
>> immediately -- it simply says, the authors will not be releasing
>Correct. However (a) if the third party gave an upgrade path we should
>encourage our users to use it and (b) if there *are* known bugs and
>especially security holes we should cease to make it available through
Agree with (a) but maybe not (b). That's a decision that should be left
to the users.
> If a user says "I found an issue with X and it is EOL upstream" the
>correct response is to "upgrade to a supported version".
>However this discussion is different to the one that we started with
>(namely that of deprecated ports) so lets try and get back on track :-)
Actually, it's a closely related question.
More information about the freebsd-ports