On Thu, 14 Mar 2024, at 22:59, Daniel Engberg wrote: > Since we've moved to git perhaps another option might be to create a separate > repo (possibly via submodules) with less restricive polices and have > that as an "add-on" for the official tree without the ports team's and > committers's involvement, a bit like "you're on your own" approach?
100% agree with this. Stuff with an active maintainer: keep in the official tree. Stuff without, or stuff that depends on stuff without - into the 'unsupported' tree. Some distros (notably Debian) do this. It's 2024 not 1994 and most computers are connected to the internet either directly or indirectly. I'd argue there is no place in the official tree for poorly/non-maintained ports. I imagine having such a system would markedly decrease the maintenance burden of those responsible for the port infrastructure. As a user of ports (a dev only in the sense of reporting issues if one can be a dev in that sense) i feel it would be better to *not have a port at all in the official tree* than to have one which is not maintained and possibly or probably vulnerable. Remember that not all vulns make it into the vulxml. Having different trees would help new and older users alike to trust ports, and would add to transparency of freebsd generally. just my $0.02
