From owner-freebsd-ports@freebsd.org  Tue Mar 20 18:21:27 2018
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B697F6326D
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 20 Mar 2018 18:21:27 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id BA8D180901
 for <freebsd-ports@freebsd.org>; Tue, 20 Mar 2018 18:21:26 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 74DD4F6326A; Tue, 20 Mar 2018 18:21:26 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6297EF63269
 for <ports@mailman.ysv.freebsd.org>; Tue, 20 Mar 2018 18:21:26 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id DEF5A808FE
 for <ports@freebsd.org>; Tue, 20 Mar 2018 18:21:25 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be
 forged))
 by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w2KILD3B080441
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Tue, 20 Mar 2018 19:21:14 +0100 (CET)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: yuri@rawbw.com
Received: from [10.58.0.4] ([10.58.0.4])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w2KIL2PY019992
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Wed, 21 Mar 2018 01:21:02 +0700 (+07)
 (envelope-from eugen@grosbein.net)
Subject: Re: Not much reason to have */R-cran-* ports
To: Yuri <yuri@rawbw.com>, "ports@freebsd.org" <ports@freebsd.org>
References: <791f8a7f-7f3e-2070-0be3-50494b1b2801@rawbw.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <5AB15109.8010703@grosbein.net>
Date: Wed, 21 Mar 2018 01:20:57 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <791f8a7f-7f3e-2070-0be3-50494b1b2801@rawbw.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE
 autolearn=no autolearn_force=no version=3.4.1
X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000]
 *  1.9 RDNS_NONE Delivered to internal network by a host with no rDNS
 *  2.6 LOCAL_FROM From my domains
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2018 18:21:27 -0000

21.03.2018 0:01, Yuri wrote:

> FreeBSD should consider banning and removing them, in the same way as Go libraries are banned.

Inability to download fixed and known working version and surely not hijacked distfile
of Go library is really bad. That is, one of strongest sides of FreeBSD Ports collection is that
it is a source of checksums stored independently of distfiles themselves.
So, our users are not vulnerable to attacks replacing distfiles with hacked copies.

Aside of that, it is very bad habit of Go software to actively download some ever changeing code
at compile time for many other reasons. I've faced it porting sysutils/fusefs-webdavfs.
I was lucky there were only three such dependency and two of them have Github repositories
so it is possible to download distfiles for fixed known revisions.

Third dependency got to standard Go distribution since its 1.7 release and simple
invocation of sed successfully prevents it from fetching golang.org/x/net/context
while building. Otherwise, I doubt that reliable port would be possible to create.

I wonder how other Go ports deal with external library dependencies.

And are you sure that R package manager is compatible with FreeBSD ports/packaging system?

Also, please take a look at https://www.mail-archive.com/freebsd-ports@freebsd.org/msg77613.html

It is a bit funny you are bothered on 250 R-cran-* ports when we have 1908 p5-* ports,
964 py-* ports, 600 rubygem-* ports and 280 hs-* ports in the single ports/devel category.

Are you planning to ban and remove p5 ports too? Most of them should be from CPAN.
We had BSDPAN for some time even...

Eugene Grosbein