On Mon, Aug 29, 2011 at 10:48:31PM -0700, Doug Barton wrote: > Can someone explain why this would be a bad idea?
Very early in my committer career, I marked a port BROKEN that kde depended on. I was quickly chastisted by people trying to install kde :-) So, the right answer may be "it depends". For unmaintained leaf or leaf-ish ports like you're talking about, I think the answer is exactly correct -- such ports do nothing but cause users problems. But I think it would be counterproductive to mark e.g. php5 and firefox as such whenever a new vulnerability is found. It's just simply too common* an occurrence. A different but related topic: I don't think we've been sufficiently rigorous about marking DEPRECATED or BROKEN ports with EXPIRATION_DATEs. That could be a Junior Committer Task. (I know that Pav has swept some out in the past.) mcl * never mind that some secteam members will grumble that they should be marked as permanentlky insecure anyways _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"