Procmail got updated!

Eugene Grosbein eugen at grosbein.net
Thu Dec 21 09:17:16 UTC 2017


On 21.12.2017 14:24, Matthias Andree wrote:

>>>> What happened with old good "Tools, not policy" thing?
>>>
>>> It's simpler than that, no policy involved.
>>>
>>> The tool had a hollow head, and broke after several years of banging it,
>>> and the former tool maker told the public it's out of warranty (never
>>> was in due to it being free) and not being fixed any more, and should be
>>> scrapped.
>>
>> I'm a little unsettled by this discussion, because it is moving into
>> territory with which we have very little precedent. And the precedent
>> that it would establish is not wholly within our mandate.
>>
>> FreeBSD ports provides the best available versions of software to run
>> on FreeBSD---we have traditionally been very conservative in
>> deprecating software. The mere fact that there are better alternatives
>> is not sufficient reason to take it away from people. When it ceases
>> to work, or is intolerably dangerous, then it is incumbent upon us to
>> act. You know far, far more about the intricacies of email than I do,
>> Matthias, so please correct me if I am incorrect here, but I'm not
>> aware of procmail being unsuitably dangerous for admins who make a
>> conscious decision to use it.
>>
> 
> <https://marc.info/?l=openbsd-ports&m=141634350915839&w=2> is all it
> needs to mount the various mentioned cases, such as dangerous, bitrotten
> and whatever other arguments have been asked for.
> 
> Given two CVEs and another crasher fixed in 3.22_5, that is reason
> enough to reconsider. We either need to take responsibility and have the
> port audited and someone paid to maintain it properly, or remove it, or
> at least we need to move it into the poison cabinet and lock it up (i.
> e. set DEPRECATED due to missing upstream maintenance and FORBIDDEN +
> NOPACKAGE due to it being dangerous),
> 
> This is not to belittle ache@ (until 2011) or sunpoet@'s and the
> contributors' efforts, but really about the upstream software that we
> are shipping.

We do not "ship" procmail. It is not part of FreeBSD.
It is third-party software packaged for users' convenience without any guarantee.

So, you demand we stop shipping any unmaintained software with our Ports & Packages?
Absence of CVEs means nothing and almost any non-trivial software has bugs (axiom).


