>> apache13 is EOL upstream. We should not have ports for EOL software. > > Why not, exactly?..
What happens if a security hole or a bug is found? Are we the ones to fix it? If yes are we to host the patches? Where should the bug reports go to - our bug tracker? What if our implementation ceases to match established documentation? Should we host the docs too? The ports collection is one of *third party* software (with a couple of small exceptions). If the third party says "this program is done, has bugs which won't be fixed, etc" we should no longer support it. >> >> If upstream says it's dead, who are we to keep it alive? > > We are a major Operating System project, which maintains ports of > third-party applications for the convenience of our users. An > EOL-declaration by the authors does not mean, the users must stop using it > immediately -- it simply says, the authors will not be releasing > updates/bug-fixes. Correct. However (a) if the third party gave an upgrade path we should encourage our users to use it and (b) if there *are* known bugs and especially security holes we should cease to make it available through our tree. If a user says "I found an issue with X and it is EOL upstream" the correct response is to "upgrade to a supported version". However this discussion is different to the one that we started with (namely that of deprecated ports) so lets try and get back on track :-) -- Eitan Adler _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
