Postgresql 8.2 branch - keep it in tree

Baptiste Daroussin bapt at FreeBSD.org
Mon Mar 26 06:30:30 UTC 2012


On Sun, Mar 25, 2012 at 06:18:16PM +0300, Konstantin Belousov wrote:
> On Sun, Mar 25, 2012 at 12:54:36PM +0000, Chris Rees wrote:
> > On 25 Mar 2012 13:51, "Radim Kolar" <hsn at filez.com> wrote:
> > >
> > > please do not remove this pgsql branch. its newest branch using old
> > postgresql-contrib full text search engine. Upgrading to 8.3+ is not
> > possible for such applications.
> > 
> > I'm afraid it's not only end of life by upstream, but also vulnerable in
> > more than one CVE, and will not be fixed.
> Why is presence of a CVE relevant for 90% of all port users ?

How are we supposed to know how people are using the ports? It is impossible to
know how much the CVE will impact our users, keeping ports with known unfixed CVE
is proposing potentially risky software to our users, which is not acceptable.

If upstream has dropped their support for a given version, a maintainer has two
choices: do himself the active support instead of upstream, or follow upstream
policy and drop the port.

regards,
Bapt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20120326/c1a88f9f/attachment.pgp


More information about the freebsd-ports mailing list