Dave Horsfall wrote: > On Sun, 3 Feb 2019, Joshua Root wrote: > > > No official policy. My view is that the only clear-cut case is when a > > port doesn't build or work at all, anywhere, and there's no real chance > > of that ever changing. > > How about insecure ports such as Procmail? It's a scripting language, with > Shell access, that believes user data; I believe it's no longer maintained > by the author, and the coding style is unreadable, making it difficult to > spot vulnerabilities. > > http://www.cvedetails.com/vendor/225/Procmail.html makes interesting > reading, as does any search for "procmail CVE". Perhaps it's just me, but I > don't think insecure software belongs in MacPorts unless someone is willing > to fix it (and good luck with Procmail). > > There are alternatives; I cannot remember their names. but "sieve" (or > similar) springs to mind. > > -- Dave
I rely heavily on procmail, but on debian, not macos. I wonder if the debian developers have fixes for the vulnerabilities. I'd hate to see it go. I'll have to look into it when I get a chance. cheers, raf