On Wed, Apr 27, 2011 at 05:05:57PM -0400, Eitan Adler wrote: > >> apache13 is EOL upstream. We should not have ports for EOL software. > > > > Why not, exactly?.. > > What happens if a security hole or a bug is found? Are we the ones to > fix it? If yes are we to host the patches? Where should the bug > reports go to - our bug tracker? What if our implementation ceases to > match established documentation? Should we host the docs too?
"We"? Who is this "we" you keep talking about here? If a port has a security hole then it is up to the maintainer to find a fix for it - if this fix is a patch he/she comes up with or a switch to a newer upstream version is irrelevant. If there is no maintainer and nobody else provides a fix either, it is time to mark the port as FORBIDDEN and DEPRECATED and remove it after the deprecation period expires, just like how other broken ports are handled. > > The ports collection is one of *third party* software (with a couple > of small exceptions). If the third party says "this program is done, > has bugs which won't be fixed, etc" we should no longer support it. Depends on what you mean by "support", but removing a port just because upstream development has ceased is just plain silly. -- <Insert your favourite quote here.> Erik Trulsson ertr1...@student.uu.se _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
