On Sun, 3 Feb 2019, Joshua Root wrote:
No official policy. My view is that the only clear-cut case is when a port doesn't build or work at all, anywhere, and there's no real chance of that ever changing.
How about insecure ports such as Procmail? It's a scripting language, with Shell access, that believes user data; I believe it's no longer maintained by the author, and the coding style is unreadable, making it difficult to spot vulnerabilities.
http://www.cvedetails.com/vendor/225/Procmail.html makes interesting reading, as does any search for "procmail CVE". Perhaps it's just me, but I don't think insecure software belongs in MacPorts unless someone is willing to fix it (and good luck with Procmail).
There are alternatives; I cannot remember their names. but "sieve" (or similar) springs to mind. -- Dave
