On Mon, Aug 28, 2017 at 07:46:37AM +0200, Antoine Jacoutot wrote: > On Sun, Aug 27, 2017 at 06:11:22PM -0700, Jeremy Evans wrote: > > puppet-dashboard is one of the only remaining ports still depending on > > ruby 1.8. > > > > Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby > > libraries of similar vintage. I'm not sure it's actually vulnerable to > > any of the many Rails vulnerabilities announced since, but it wouldn't > > surprise me. > > > > Port doesn't actually build anything, it basically just untars and > > retars the distfile, other than fixing shebang lines and changing > > some hardcoded paths. I think removing it using the following quirk > > makes sense: > > It does provide a detailed pkg-readme. > But yeah, the last release is from 2014 and this application has been > deprecated > for years anyway. > > > "web application with no benefit being packaged" > > > > OKs to remove? > > OK with me. > > -- > Antoine
I'm OK with removing it, however I'd paint the bikeshed with 'no longer maintained upstream'. Cheers, -- jasper
