From owner-freebsd-ports@FreeBSD.ORG Wed Sep 7 16:22:00 2011 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 200711065672 for ; Wed, 7 Sep 2011 16:22:00 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: from smtp02.lnh.mail.rcn.net (smtp02.lnh.mail.rcn.net [207.172.157.102]) by mx1.freebsd.org (Postfix) with ESMTP id D6E3F8FC19 for ; Wed, 7 Sep 2011 16:21:59 +0000 (UTC) Received: from mr16.lnh.mail.rcn.net ([207.172.157.36]) by smtp02.lnh.mail.rcn.net with ESMTP; 07 Sep 2011 11:53:02 -0400 Received: from smtp04.lnh.mail.rcn.net (smtp04.lnh.mail.rcn.net [207.172.157.104]) by mr16.lnh.mail.rcn.net (MOS 4.2.3-GA) with ESMTP id BHA86733; Wed, 7 Sep 2011 11:53:01 -0400 X-Auth-ID: anat Received: from 209-6-61-133.c3-0.sbo-ubr1.sbo.ma.cable.rcn.com (HELO utka.zajac) ([209.6.61.133]) by smtp04.lnh.mail.rcn.net with ESMTP; 07 Sep 2011 11:53:00 -0400 Message-ID: <4E67935C.6080702@aldan.algebra.com> Date: Wed, 07 Sep 2011 11:53:00 -0400 From: "Mikhail T." User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:5.0) Gecko/20110714 Thunderbird/5.0 MIME-Version: 1.0 To: Chris Rees References: <4E651DCF.30605@FreeBSD.org> <201109052146.p85Lkous037023@fire.js.berklix.net> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "Julian H. Stacey" , freebsd-ports@freebsd.org Subject: Re: sysutils/cfs X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Sep 2011 16:22:00 -0000 On -10.01.-28163 14:59, Chris Rees wrote: > I don't actually think they've been divisive -- it's been policy for years. The policy -- up until fairly recently -- was to remove ports, that *fail to build* for a while. This made sense -- if the port remains unbuildable long enough, then, certainly, it is no longer in use. The /new/ policy of removing ports for much lighter offenses, such as having vulnerabilities, has already caused so many objections, that it is time to abolish it. > I don't call four weeks for software with a security vulnerability short > notice. We count a maintainer timeout as half that. A "maintainer timeout" will allow another developer to perform a fix. To completely remove the port (if that has to happen at all), a much longer warning is warranted. > My problem with 'whining' (perhaps a less emotional response from me would > have been better) was the sheer number of people stepping up and refusing to > provide any fixes, just criticising me for wanting to remove something. It's > just not constructive. Yes, the matter is exactly that: your wanting to remove something, that continues to build and remains in use. You followed, what you think is "an old" policy, and are getting flack from people like myself, who object to the (new) policy. Nothing personal... > Patches gratefully received (this is a volunteer effort after all....) Again. This is not about a particular port -- Julian, myself, and other objectors can fix /any/ port, but we can not fix them /all/, so blaming us for not submitting patches is wrong. We object to the new policy, because we believe, only those ports, that fail to build, ought to be removed. Problematic ports ought to remain in the tree (as long as they build) -- to make it easier for people to continue using them and/or offer to maintain them. If there remains a vulnerability, then, of course, a loud warning (with a link to the advisory(ies)) is in order, but the users ought to make their own choices and evaluations. -mi