Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 07 Sep 2011 11:53:00 -0400
From:      "Mikhail T." <mi+thun@aldan.algebra.com>
To:        Chris Rees <crees@freebsd.org>
Cc:        "Julian H. Stacey" <jhs@berklix.com>, freebsd-ports@freebsd.org
Subject:   Re: sysutils/cfs
Message-ID:  <4E67935C.6080702@aldan.algebra.com>
In-Reply-To: <CADLo838dMd5=TjRF5ffiaPH7o0%2BpeWgaqbQqEfDb3EP-n4ec8A@mail.gmail.com>
References:  <4E651DCF.30605@FreeBSD.org> <201109052146.p85Lkous037023@fire.js.berklix.net> <CADLo838dMd5=TjRF5ffiaPH7o0%2BpeWgaqbQqEfDb3EP-n4ec8A@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On -10.01.-28163 14:59, Chris Rees wrote:
> I don't actually think they've been divisive -- it's been policy for years. 

The policy -- up until fairly recently -- was to remove ports, that *fail to 
build* for a while. This made sense -- if the port remains unbuildable long 
enough, then, certainly, it is no longer in use.

The /new/ policy of removing ports for much lighter offenses, such as having 
vulnerabilities, has already caused so many objections, that it is time to 
abolish it.
> I don't call four weeks for software with a security vulnerability short 
> notice. We count a maintainer timeout as half that.

A "maintainer timeout" will allow another developer to perform a fix. To 
completely remove the port (if that has to happen at all), a much longer warning 
is warranted.

> My problem with 'whining' (perhaps a less emotional response from me would 
> have been better) was the sheer number of people stepping up and refusing to 
> provide any fixes, just criticising me for wanting to remove something. It's 
> just not constructive. 

Yes, the matter is exactly that: your wanting to remove something, that 
continues to build and remains in use. You followed, what you think is "an old" 
policy, and are getting flack from people like myself, who object to the (new) 
policy. Nothing personal...

> Patches gratefully received (this is a volunteer effort after all....)

Again. This is not about a particular port -- Julian, myself, and other 
objectors can fix /any/ port, but we can not fix them /all/, so blaming us for 
not submitting patches is wrong.

We object to the new policy, because we believe, only those ports, that fail to 
build, ought to be removed. Problematic ports ought to remain in the tree (as 
long as they build) -- to make it easier for people to continue using them 
and/or offer to maintain them. If there remains a vulnerability, then, of 
course, a loud warning (with a link to the advisory(ies)) is in order, but the 
users ought to make their own choices and evaluations.

    -mi




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E67935C.6080702>