On 25/03/2021 07:26, Dewayne Geraghty wrote:
On 25/03/2021 4:01 am, Miroslav Lachman wrote:
I really appreciate the work of ports team, committers and maintainers
but I dislike double standards. All ports requiring Python 2.7 were
marked deprecated the last year almost all of them removed according to
expiration date 2020-12-31 but some of them are still there.
If there is Python 2.7, if there is Chromium then any of removed ports
can be there. If "we" want to get rid of them then "we" should remove
all of them and not just some by sentiment.
For example Iridium browser was removed because of Python 2.7 but
Chromium is still there. They are both based on the same source with the
same dependencies but Iridium cares more about privacy, yet it was
slaughtered instead of Chromium.
I really would like to see some policies for things like this next time.
Miroslav Lachman
Thanks Miroslav, I have the same view. Though I agree with Rene about
the need to remove vulnerable ports and the interests of the FreeBSD
community, its worth considering those with both a need and an
understanding of the ramifications of using python2.7.
From the security point of view I can agree with removing ports
requiring Python 2.7 as run dependency but if I have it right, Iridium
nor Chromium have it as run dependency. Python is needed for build only
so users of Chromium, Iridium and many other ports / packages do not
need to have vulnerable Python 2.7 installed. But these ports were
removed anyway even if there is not proper replacement. Or in case of
Chromium vs Iridium the better one was removed.
Kind regards
Miroslav Lachman
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
