On Sat, 16 Mar 2024, at 08:28, Miroslav Lachman wrote: > For vulnerabilities, there is VuXML and pkg audit, not removing > vulnerable port from the tree.
I'm talking about *moving* them to a *different* tree, with different priorities, so preserving choice while implicitly informing of risks, and decreasing the maintenance burden to those running port infra. I'd imagine some threshold would need to be decided on. > If you are asking to remove ports without maintainer, you are asking to > remove 3458 ports right now, and many others depends on these > unmaintained ports, so the impact will be much bigger. > Some unmaintained ports are almost vital - for example without > virtual_oss you cannot use Bluetooth headphones / speakers connected to > FreeBSD. I'm not asking to remove anything, just move to a different tree. People could follow one or the other depending on their (for example) security posture. They'd be able to easily make an informed choice. --
