21.03.2018 0:01, Yuri wrote:

> FreeBSD should consider banning and removing them, in the same way as Go libraries are banned.

Inability to download a fixed and known working version and a surely not hijacked distfile of a Go library is really bad. That is, one of the strongest sides of the FreeBSD Ports collection is that it is a source of checksums stored independently of the distfiles themselves. So, our users are not vulnerable to attacks replacing distfiles with hacked copies.

Aside from that, it is a very bad habit of Go software to actively download some ever-changing code at compile time, for many other reasons. I've faced it porting sysutils/fusefs-webdavfs. I was lucky there were only three such dependencies and two of them have GitHub repositories, so it is possible to download distfiles for fixed known revisions.

The third dependency got into the standard Go distribution since its 1.7 release, and a simple invocation of sed successfully prevents it from fetching golang.org/x/net/context while building. Otherwise, I doubt that a reliable port would be possible to create.

I wonder how other Go ports deal with external library dependencies.

And are you sure that the R package manager is compatible with the FreeBSD ports/packaging system?

Also, please take a look at https://www.mail-archive.com/freebsd-ports@freebsd.org/msg77613.html

It is a bit funny you are bothered by 250 R-cran-* ports when we have 1908 p5-* ports, 964 py-* ports, 600 rubygem-* ports and 280 hs-* ports in the single ports/devel category.

Are you planning to ban and remove p5 ports too? Most of them should be from CPAN. We had BSDPAN for some time even...

Eugene Grosbein

_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
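
The independent-checksum property described in the message above, as an added example (not part of the original e-mail and not the ports framework's own code): a Python check that parses distinfo-style `SHA256`/`SIZE` records and verifies a fetched distfile against them. The distfile name, contents and timestamp are constructed for illustration.

```python
import hashlib
import re

# Line shapes used in a port's distinfo file:
#   SHA256 (name) = <hex digest>      SIZE (name) = <bytes>
_ENTRY = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {distfile: {"SHA256": hex, "SIZE": int}}; other lines (e.g. TIMESTAMP) are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        kind, name, value = m.group(1), m.group("name"), m.group("value")
        entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries


def verify_distfile(name, data, entries):
    """Check fetched bytes against the recorded size and digest. Returns (ok, reason)."""
    rec = entries.get(name)
    if rec is None or "SHA256" not in rec or "SIZE" not in rec:
        return False, "no complete distinfo record"  # fail closed on unlisted files
    if len(data) != rec["SIZE"]:
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != rec["SHA256"]:
        return False, "checksum mismatch"
    return True, "ok"


# Constructed sample: a pinned upstream tarball and a same-length altered copy.
GOOD = b"package context // pinned revision\n"
TAMPERED = b"package context // pinned revisiom\n"
NAME = "example-lib-0123abc_GH0.tar.gz"  # hypothetical distfile name
DISTINFO = (
    "TIMESTAMP = 1521590400\n"  # constructed value
    f"SHA256 ({NAME}) = {hashlib.sha256(GOOD).hexdigest()}\n"
    f"SIZE ({NAME}) = {len(GOOD)}\n"
)

if __name__ == "__main__":
    records = parse_distinfo(DISTINFO)
    for label, blob in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, verify_distfile(NAME, blob, records))
    print("unlisted", verify_distfile("other.tar.gz", GOOD, records))
```

Because the records live in the ports tree rather than next to the download, a copy replaced on the distfile server fails the digest check even when its size is unchanged.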
