On Wed, Nov 09, 2011 at 12:43:25PM -0800, Stanislav Sedov wrote: > Hi! > > I noticed the following in the commit log: > % > % Modified files: > % . MOVED > % devel Makefile > % graphics Makefile > % Removed files: > % devel/soup Makefile distinfo pkg-descr pkg-plist > % devel/soup/files patch-Makefile.in patch-configure > % patch-docs::reference::Makefile.in > % patch-soup-0.7.11-gcc41 > % patch-src_libsoup_soup-message.c > % patch-src_libwsdl_wsdl-soap-memory.c > % patch-src_libwsdl_wsdl-soap-parse.c > % patch-src_libwsdl_wsdl-typecodes.c > % graphics/clutter-qt Makefile distinfo pkg-descr pkg-plist > % graphics/librsvg Makefile distinfo pkg-descr pkg-plist > % graphics/librsvg/files patch-Makefile.in patch-configure > % patch-librsvg-config.in patch-rsvg-ft.c > % patch-test-ft-gtk.c patch-test-ft.c > % graphics/p5-clutter Makefile distinfo pkg-descr pkg-plist > % Log: > % 2011-11-06 devel/soup: Unmaintain, use devel/libsoup > % 2011-11-06 graphics/clutter-qt: upstream distfile and doesn't build, and > %doesn't seem to be developed anymore > % 2011-11-06 graphics/p5-clutter: upstream distfile disappeard, and doesn't > seem to be developed anymore > % 2011-11-06 graphics/librsvg: unmaintained and not used anymore > > I just cannot get the commit message. librsvg -- not used by whom? > Personally, > I used it in one of my older projects (~ 10 years old) which I don't plan > to rework to use rsvg2/gtk2 because it doesn't make sense for it. So how > do I use my project now on FreeBSD? > > It's also a lie that it's not maintained, it's maintained by ports@ mailing > list and the community. So please, restore it. > > The same also probably goes for other ports, but I don't have enough details > to comment. > > Thanks! >
They have been deprecated for a while and noone said anything about those, that is the purpose of the DEPRECATED status. The "not used anymore" mean not used in the portstree (ie no more depended on). If someone really needs it, he can: 1- install it by hand 2- maintain the port 3- just come up when someone deprecate it saying please undeprecate I really need it. 4- they should be a lot more options. I has been deprecated and removed just because upstream don't maintain it, no one looks at the "maybe" security problem if any etc. Of course it could have been a mistake to remove this one in particular, in that case sorry about that. Concerning the fact that it is "maintained" by ports@, if it would really be the case why it is still in the tree while it depends on libxml1 for which in about 5s I find a security issue: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1944 which hasn't been reported and hasn't been fixed at all, which means librsvg1 is also vulnerable. the problem is that those ports abandonned upstream are not really maintain anymore, and can lead to a real security problem. note that I don't know yet how the libxml1 vulnerability can have an impact on librsvg, this is just a 5s example. regards, Bapt
pgp7brhe93V32.pgp
Description: PGP signature