In message <8212dd5a-bcc2-e214-0373-6dbfddef6...@grosbein.net>, Eugene Grosbein writes:
> 15.03.2024 3:37, Daniel Engberg wrote:
> > On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eu...@grosbein.net> wrote:
> >> 12.03.2024 3:24, Daniel Engberg wrote:
> >>
> >> [skip]
> >>
> >>> Another possible option would be to add something to the port's metadata that makes pkg aware and easy noticeable
> >>> like using a specific color for portname and related information to signal
> >>> like if it's red it means abandonware and potentially reduced security.
> >>
> >> Of course, we need to inform users but not enforce. Tools, not policy.
> >>
> > Eugene
> >
> > Hi,
> >
> > Given that we seem to agree on these points in general why should such ports still be kept in the tree?
>
> A port should be kept in the tree until it works and has no known security problems, not imaginable.
>
> > We don't have such tooling available and it won't likely happen anytime soon.
> > Because it's convenient for a committer who uses these in a controlled network despite being potentially harmful for others?
>
> "Potentially harmful" is not a valid reason to remove a port. Look at the vulnerability history of any modern web browser.
> We know they are full of security holes. All of them. And will be despite being supported by developers, it does not matter in fact.
> Old software is often much more simple and secure despite lack of support.
>
> Do not remove ports just due to theorizing.
>
> Eugene
>
You have articulated three cogent points in your last three emails. Thank you.

--
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX: <c...@freebsd.org> Web: https://FreeBSD.org
NTP: <c...@nwtime.org> Web: https://nwtime.org

e^(i*pi)+1=0