On 2024-03-12T15:15:49.000+01:00, Eugene Grosbein <eu...@grosbein.net> wrote:
>  12.03.2024 3:24, Daniel Engberg wrote:
> 
> [skip]
> 
> 
> >    Another possible option would be to add something to the port's metadata 
> > that makes pkg aware and easily noticeable
> >  like using a specific color for portname and related information to signal
> >  like if it's red it means abandonware and potentially reduced security.
>  
> Of course, we need to inform users but not enforce. Tools, not policy.
> 
Eugene

Hi,

Given that we seem to agree on these points in general why should such ports 
still be kept in the tree? We don't have such tooling available and it won't 
likely happen anytime soon. Because it's convenient for a committer who uses 
these in a controlled network despite being potentially harmful for others?

Just to be clear, I'm after where do we draw the line in general.

If we look at other distros in general, based on availability, the decision seems 
to favour overall user security over "convenience". Given that we have security 
policies etc. in place, I'd say that we in general are leaning towards user 
security?

Best regards,
Daniel
