> On 14. Mar 2024, at 21:38, Daniel Engberg <daniel.engberg.li...@pyret.net> 
> wrote:
> 
> On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eugen@grosbeinnet> wrote:
>> 12.03.2024 3:24, Daniel Engberg wrote:
>> 
>> [skip]
>> 
>> 
>>>   Another possible option would be to add something to the port's metadata 
>>> that makes pkg aware and easily noticeable
>>> like using a specific color for portname and related information to signal
>>> like if it's red it means abandonware and potentially reduced security.
>> 
>> Of course, we need to inform users but not enforce. Tools, not policy.
>> 
> Eugene
> 
> Hi,
> 
> Given that we seem to agree on these points in general why should such ports 
> still be kept in the tree? We don't have such tooling available and it won't 
> likely happen anytime soon. Because it's convenient for a committer who uses 
> these in a controlled network despite being potentially harmful for others?
> 
> Just to be clear, I'm after where do we draw the line in general.
> 
> If we look at other distros in general based on availability the decision 
> seems to favour overall user security over "convenience". Given that we have 
> security policies etc in place I'd say that we in general are leaning towards 
> user security?

So your proposal is to only have ports in the tree that are safe to run on 
unprotected public networks?

-m


