Doug Barton <do...@freebsd.org> wrote:

> >>>>> Better to deprecate such non urgent ports, & wait a while
> >>>>> after next release is rolled, to give release users a warning
> >>>>> & some time to volunteer ...
> >>
> >> That's an interesting idea, but incredibly unlikely to happen.
> >
> > It _certainly_ won't happen if those in charge refuse to try it!
>
> My point was that the idea is impractical. I was trying to be polite.

How is it impractical to, as a rule, set an expiration date based on an anticipated future release date rather than only a month or two out from when the decision is made? (Note that this is in no way exclusive with setting FORBIDDEN, and/or making an entry in the portaudit database, immediately upon discovering a vulnerability.)

> > My *guess* is that "the largest percentage of our users" are what
> > Julian calls "release users" -- those who install a release and
> > corresponding ports, and don't touch it subsequently until they
> > become aware of a problem. They _may_ follow the security branch
> > for their base release, but that won't make them aware of issues
> > that have turned up in ports.
>
> For security issues we have portaudit to handle this.

Provided it is installed and activated. Perhaps it should be made into a part of the ports infrastructure, or even moved into the base, so as to be present on any machine having packages installed?