On Wed, Apr 27, 2011 at 05:05:57PM -0400, Eitan Adler wrote:
> >> apache13 is EOL upstream. We should not have ports for EOL software.
> >
> > Why not, exactly?..
> 
> What happens if a security hole or a bug is found? Are we the ones to
> fix it? If yes are we to host the patches? Where should the bug
> reports go to - our bug tracker? What if our implementation ceases to
> match established documentation? Should we host the docs too?

"We"? Who is this "we" you keep talking about here?
If a port has a security hole then it is up to the maintainer to find a
fix for it - if this fix is a patch he/she comes up with or a switch to
a newer upstream version is irrelevant.
If there is no maintainer and nobody else provides a fix either, it is
time to mark the port as FORBIDDEN and DEPRECATED and remove it after
the deprecation period expires, just like how other broken ports are
handled.

> 
> The ports collection is one of *third party* software (with a couple
> of small exceptions). If the third party says "this program is done,
> has bugs which won't be fixed, etc" we should no longer support it.

Depends on what you mean by "support", but removing a port just because
upstream development has ceased is just plain silly.




-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1...@student.uu.se
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to