Stefan Sperling, 19 Nov 2014 09:08: > Code (no matter how old) riddled with security bugs should be removed > if nobody steps up to fix them. Philip doesn't want to step up. I don't > want to step up (I still use procmail at the moment but I'd rather look > for better alternatives). You don't want to fix the code either. > Nobody else raised their hand...
well, not yet. > I don't think there's a discussion to be had. The same happened > to userland ppp and other software with similar problems. i think the procmail user base is a bit bigger than userland ppp. maybe if the need for a new upstream maintainer becomes known in bigger circles, someone(s) will step up. if that does not happen for a while, then yes, it is burried. but even then, i think the port should not be removed. most of the software in ports has bugs, so what. but a new revision of the port should point out that the package has issues and it is a security liability. it is up to the user if they accept the risk. -f -- imagination is more important than knowledge. -- einstein
