Procmail got updated!

Matthias Andree matthias.andree at gmx.de
Thu Dec 21 07:26:18 UTC 2017


On 21.12.2017 at 06:07, Adam Weinberger wrote:
>> On 20 Dec, 2017, at 17:19, Matthias Andree <matthias.andree at gmx.de>
>> wrote:
>>
>> On 20.12.2017 at 06:40, Eugene Grosbein wrote:
>>> On 20.12.2017 01:03, Matthias Andree wrote:
>>>
>>>> Dear Ted, Eugene,
>>> [skip]
>>>
>>> What happened with old good "Tools, not policy" thing?
>>
>> It's simpler than that, no policy involved.
>>
>> The tool had a hollow head, and broke after several years of banging it,
>> and the former tool maker told the public it's out of warranty (never
>> was in due to it being free) and not being fixed any more, and should be
>> scrapped.
>
> I'm a little unsettled by this discussion, because it is moving into
> territory with which we have very little precedent. And the precedent
> that it would establish is not wholly within our mandate.
>
> FreeBSD ports provides the best available versions of software to run
> on FreeBSD---we have traditionally been very conservative in
> deprecating software. The mere fact that there are better alternatives
> is not sufficient reason to take it away from people. When it ceases
> to work, or is intolerably dangerous, then it is incumbent upon us to
> act. You know far, far more about the intricacies of email than I do,
> Matthias, so please correct me if I am incorrect here, but I'm not
> aware of procmail being unsuitably dangerous for admins who make a
> conscious decision to use it.
>

<https://marc.info/?l=openbsd-ports&m=141634350915839&w=2> is all it
needs to mount the various mentioned cases, such as dangerous, bitrotten
and whatever other arguments have been asked for.

Given two CVEs and another crasher fixed in 3.22_5, that is reason
enough to reconsider. We either need to take responsibility and have the
port audited and someone paid to maintain it properly, or remove it, or
at least we need to move it into the poison cabinet and lock it up (i.e.
set DEPRECATED due to missing upstream maintenance and FORBIDDEN +
NOPACKAGE due to it being dangerous).

This is not to belittle ache@ (until 2011) or sunpoet@'s and the
contributors' efforts, but really about the upstream software that we
are shipping.


