Donovan Watteau writes: > As for Gnuboy: is it dead, or is it done? There are other "old > alternatives" in the ports tree (for example in editors), and we're > keeping them, as long as there's someone taking care of them (unless > the code is too broken or too dangerous). Gambatte is more modern, > but it looks mostly unmaintained for the past 3 years, so I don't > know if the difference with Gnuboy is that big.
Gnuboy has been completely unmaintained for over 15 years. That's a significant difference. > "avoid adding old stuff to the ports > tree if there's a good alternative that's maintained" I agree with that sentiment. The trouble with providing packages is that if they exist, people use them. Auditing the entire ports tree is obviously impossible, but we should put at least occasional effort into pruning very old ports and refrain from adding old software that is likely to be a problem. Emulators in particular are prone to security issues. They frequently allocate buffers, *constantly* deal with untrusted input, and execute code by nature. Holes are common: https://mgba.io/2016/09/13/fuzzing-emulators/ https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html https://www.youtube.com/watch?v=Q3SOYneC7mU Thanks for porting, but this particular port I would rather not have in tree. -- Anthony J. Bentley
