Date: Tue, 19 Sep 2006 18:23:00 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Fred Cox <sailorfred@yahoo.com> Cc: freebsd-ports@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: www/dotproject out of date and vulnerable Message-ID: <20060919222300.GA50048@xor.obsecurity.org> In-Reply-To: <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com> References: <20060919220905.GA49727@xor.obsecurity.org> <20060919221806.17148.qmail@web31813.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 19, 2006 at 03:18:01PM -0700, Fred Cox wrote: > It's current state is that it will install a > vulnerable version with either the installed php and > mysql client or php5 and mysql5. In the latter case, > there are many bugs in the installed port. >=20 > If I submit what I have now, it will install the > updated version with PHP4. The user will still have > to track down the mysql problem until I can do the > right thing, but there will be a period of time while > I learn about making a port from scratch. >=20 > I'm trying to get a read on whether imperfect > improvement is worth checking in, or whether the > typical thing is to wait for perfection, even if that > might take a while. "Will fail to package" is pretty far from perfection in my book :) Mark the port FORBIDDEN if you have to, but a port that will not build with default settings should not be committed. Kris --liOOAslEiF7prFVr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFEG3EWry0BWjoQKURAvfcAJ0eu5Zi5F/4PjZqBikULJerrdyRZgCgsoy6 ftMjIGxlYGHZ7jedqUuEvvg= =adxF -----END PGP SIGNATURE----- --liOOAslEiF7prFVr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060919222300.GA50048>