Date: Tue, 08 Jan 2013 22:14:11 +0200 From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: freebsd-ports@freebsd.org Subject: Re: Why delete KDE3 ports? Message-ID: <87txqro2jw.fsf@FreeBSD.org> References: <mailman.202.1357547625.2166.freebsd-ports@freebsd.org> <50EADA33.9010308@aldan.algebra.com> <50EB16B2.4070502@FreeBSD.org> <50EB1991.8010400@marino.st> <CA%2BtpaK1t4TUPeAZATVPO=KZPdwk4aksMDGeWxiMP7HCLcM8S_g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam Vande More <amvandemore@gmail.com> writes: > On Mon, Jan 7, 2013 at 12:53 PM, John Marino <freebsdml@marino.st> wrote: >> "possibly insecure": I think this needs to be "known insecure" rather >> than holding it's last release date against it. > > http://www.kde.org/info/security/advisory-20100413-1.txt > > Probably other security issues as well. I didn't have to look very long. > In a codebase as large as KDE's, it seems a very slim chance indeed years > could go by without maintenance and still maintain security. Additionally, I'd argue that it is hard for it to be "known insecure" since upstream does not maintain it even for security vulnerabilities anymore, so security problems have nowhere to be reported and vulnerabilities common to KDE3 and KDE4 only get published and fixed in the latter.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87txqro2jw.fsf>