Date: Thu, 21 Dec 2017 16:16:47 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Matthias Andree <matthias.andree@gmx.de>, Adam Weinberger <adamw@adamw.org>
Cc: Ted Hatfield <ted@io-tx.com>, freebsd-ports@freebsd.org, Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
Subject: Re: Procmail got updated!
Message-ID: <5A3B7BFF.2020202@grosbein.net>
In-Reply-To: <f02e8c58-4fc5-6fd9-ed06-02e3077e67e8@gmx.de>
References: <alpine.BSF.2.21.1712181012470.92288@aneurin.horsfall.org>
 <a3a1097d-22c7-89cc-dd69-b4ceeebf7228@gmx.de>
 <alpine.BSF.2.20.1712181824220.10261@io-tx.com>
 <f68594db-396b-0821-e90d-3f089781e8fd@gmx.de>
 <5A39F7C9.1030800@grosbein.net>
 <05504d3c-3225-e83f-8f10-225319421a35@gmx.de>
 <B51F1354-44C9-4936-A78B-84F34A4516B5@adamw.org>
 <f02e8c58-4fc5-6fd9-ed06-02e3077e67e8@gmx.de>

On 21.12.2017 14:24, Matthias Andree wrote:

>>>> What happened with old good "Tools, not policy" thing?
>>>
>>> It's simpler than that, no policy involved.
>>>
>>> The tool had a hollow head, and broke after several years of banging it,
>>> and the former tool maker told the public it's out of warranty (never
>>> was in due to it being free) and not being fixed any more, and should be
>>> scrapped.
>>
>> I'm a little unsettled by this discussion, because it is moving into
>> territory with which we have very little precedent. And the precedent
>> that it would establish is not wholly within our mandate.
>>
>> FreeBSD ports provides the best available versions of software to run
>> on FreeBSD---we have traditionally been very conservative in
>> deprecating software. The mere fact that there are better alternatives
>> is not sufficient reason to take it away from people. When it ceases
>> to work, or is intolerably dangerous, then it is incumbent upon us to
>> act. You know far, far more about the intricacies of email than I do,
>> Matthias, so please correct me if I am incorrect here, but I'm not
>> aware of procmail being unsuitably dangerous for admins who make a
>> conscious decision to use it.
>>
>
> <https://marc.info/?l=openbsd-ports&m=141634350915839&w=2> is all it
> needs to mount the various mentioned cases, such as dangerous, bitrotten
> and whatever other arguments have been asked for.
>
> Given two CVEs and another crasher fixed in 3.22_5, that is reason
> enough to reconsider. We either need to take responsibility and have the
> port audited and someone paid to maintain it properly, or remove it, or
> at least we need to move it into the poison cabinet and lock it up (i.
> e. set DEPRECATED due to missing upstream maintenance and FORBIDDEN +
> NOPACKAGE due to it being dangerous),
>
> This is not to belittle ache@ (until 2011) or sunpoet@s and the
> contributors' efforts, but really about the upstream software that we
> are shipping.

We do not "ship" procmail. It is not part of FreeBSD. It is third-party software packaged for users' convenience without any guarantee. So, you demand we stop shipping any unmaintained software with our Ports & Packages? Absence of CVEs means nothing and almost any non-trivial software has bugs (axiom).