Why delete KDE3 ports?
Raphael Kubo da Costa
rakuco at FreeBSD.org
Tue Jan 8 20:14:32 UTC 2013
Adam Vande More <amvandemore at gmail.com> writes:
> On Mon, Jan 7, 2013 at 12:53 PM, John Marino <freebsdml at marino.st> wrote:
>> "possibly insecure": I think this needs to be "known insecure" rather
>> than holding it's last release date against it.
>
> http://www.kde.org/info/security/advisory-20100413-1.txt
>
> Probably other security issues as well. I didn't have to look very long.
> In a codebase as large as KDE's, it seems a very slim chance indeed years
> could go by without maintenance and still maintain security.
Additionally, I'd argue that it is hard for it to be "known insecure"
since upstream does not maintain it even for security vulnerabilities
anymore, so security problems have nowhere to be reported and
vulnerabilities common to KDE3 and KDE4 only get published and fixed in
the latter.
More information about the freebsd-ports
mailing list