Greg Byshenk wrote:
On Fri, Sep 09, 2011 at 07:27:51AM +0200, Erik Trulsson wrote:
On Thu, Sep 08, 2011 at 06:54:36PM +0200, Matthias Andree wrote:
Am 08.09.2011 13:52, schrieb Matt Burke:
Changing to a hypothetical example, why would an Apache vulnerability in
mod_rewrite in the least bit bother a person who doesn't have the module
enabled, which I believe is the standard configuration? Would you prefer
Apache be deleted from ports if it took longer than expected to fix it?
That wouldn't happen anyways because the package is actively maintained,
unlike many of the ports the discussion is about.
You (and others) place *far* too much emphasis on a piece of software
being "maintained"
What the current FreeBSD policy of actively deleting perfectly usable ports
instead of putting a mild hurdle in the way is saying, is that FreeBSD will
stop me doing what I may want to do because FreeBSD knows best.
The port isn't perfectly usable (because that would mean it's usable in
all circumstances for all advertised purposes, which is explicitly not
the case in the light of known vulnerabilities).
In which case just about no port is 'perfectly usable' since almost all
non-trivial software contains bugs - at least some of which are not
documented, meaning that it isn't usable in *all* circumstances for
*all* advertised purposes.
I can't necessarily speak for everyone, but I suspect that this is
why 'being "maintained"' is seen as important. All software has bugs;
what is important is that they are fixed as they are discovered,
rather than being left to rot.
Sorry, but "maintained" doesn't mean any quarantee of quick and proper
fix. FreeBSD it-self has many known bugs unfixed for a years. (and some
of them are really serious) Does it mean that we should stop using
FreeBSD, deinstall it from all servers and use something else? I don't
think so.
I am happy user of FreeBSD for more than 10 years, because it gives me a
freedom of choice - not enforcing me to anything.
I am expecting warning message in case of some problem in base or ports
/ packages, but I am here to make a decision what to do next.
If I like foreign decision, I will use another OS, which can silently
uninstall affected packages... but I don't like this idea!
--------------------------------------------------------------
From my point of view, there are huge pressure in "cleaning" ports by
removing anything suspicious. There are more and more people working on
removing ports. FreeBSD lacks man power on another places.
For example I repeatedly sent some improvements and fixes to freebsd-rc
in last few years without any reaction. It's OK, I can maintain it
privately, but nobody else will benefit from this work.
So FreeBSD have not working iSCSI initiator rc.d script in these days,
but will have few ports less...
I don't think this is the right way to go, but I can live with it. I
know that it is all about interest of other volunteers.
Just my $0.02 to this almost useless discussion.
Miroslav Lachman
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
