Re: Python 2.7 removal outline

2021-03-26 Thread Olivier Certner
On Friday, 26 March 2021, 22:43:12 CET, Chris wrote:
> Honestly. If something "just works", isn't a "security risk". Then don't fix
> it!

Not so simple... But for build-only dependencies, I concur.

But anyway, all new security reports for 3.x will be fixed in Tauthon. I've 
now already reviewed 55 security bugs from PSF and fixed those appropriate 
(most are either not bugs, or irrelevant, or already fixed in 2.7 or Tauthon 
proper). I have ~20 more to review (and possibly fix), then I'll test the 
result and finally push all this upstream.
 
-- 
Olivier Certner


___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"


Re: Python 2.7 removal outline

2021-03-25 Thread Olivier Certner
 and more dropping Python
>   2.7 too. This also has to do with how their branching model works, the
>   package set of Ubuntu LTS is determined a few months before the release
>   itself.

Debian is still tolerating Python 2.7 for build-only dependencies in bullseye, 
which is due to be released imminently, and will be supported until around 
2024. Ubuntu 20.04 LTS incorporates it, apparently without restrictions (I see 
a full suite of packages relying on 2.7 there), and this release will be 
supported until... April 2025. So, yes, faster by at least 2 years.

Surely, we are not organized the same, and do not have the same manpower 
and/or money. However, their security teams do not seem to think that phasing out 
CPython 2.7 right now is of uttermost importance. Some Debian links on the 
topic:
https://tracker.debian.org/pkg/python2.7
https://wiki.debian.org/Python/2Removal
I must point out that this last page, although listing interesting links, 
seems itself seriously outdated, as it is contradicted by facts (e.g., 2.7 is 
in bullseye, and it is indeed receiving security fixes, see the first link). 
It seems that they have changed their mind in light of needs and demands. Food 
for thought for portmgr@?

And again, there would be no hurry at all for build-only dependencies. Or is 
there? May I ask on which ground exactly?

> As can be seen on [2], multiple vulnerabilities already have
> been fixed for Python 3.6 to 3.9 this year.
> [2] https://www.python.org/downloads/release/python-392/

I've started looking into these vulnerabilities. Most are simple to 
understand, and their patches even readily apply to Tauthon when relevant. 
Going to submit a bunch of them upstream. At least, this is possible with 
Tauthon, contrary to CPython 2.7.

But in the end, I don't think this is really important for the dependent ports 
issue, since, again, we are talking about build-only dependencies on CPython.

That was just for the sake of re-establishing a more accurate balance of 
facts. Given the track record of recent reactions of portmgr@, I'm now not 
foolish enough to believe that all that precedes is going to have any visible 
effect on them.

Now, for the two possible ways out, I'm still having some hope (but frankly 
not that much).

1. Add the infrastructure to have build-only dependencies. I've proposed 
changes to that end (https://reviews.freebsd.org/D28946). In addition to the 
comments in the review, bapt@ rightfully pointed out that 'make install' would 
still be possible to run for ports listed in NORUNTIME. I acknowledge that 
this is indeed a problem in the current problem, but think it could be solved 
technically (e.g., forbidding 'make install' for those ports, but allowing it 
when building a dependent port through an environment variable, and removing 
the install after the build). Which reinforces my thinking that the "problem", 
whatever that is, is not technical, but human. Overall, portmgr@ doesn't 
really seem to be interested in this solution (got short reactions such as 
"with RESTRICTED, we don't need this", or "this would be a precedent", indeed 
a useful one if you're asking me).

2. Leverage overlays to provide additional repos, a bit like AUR for Arch. 
Here I'm in fact building on top of one of bapt@'s ideas. Sounds great for 
publishing ports that are not in the official tree. But not necessarily for 
package building: I personally won't commit to maintaining a separate build 
cluster for all arches and supported FreeBSD versions, in the short term at 
least.

I re-read portmgr@'s charter (https://www.freebsd.org/portmgr/charter/). I 
wish it contained points about proper planning, communication and helping 
maintainers and committers instead of destroying their work without notice, 
even for "niche" ports. Perhaps it doesn't because this was implicit or taken 
for granted. In which case, in light of recent events, it may be a good time 
to revise it.

-- 
Olivier Certner




Re: Build/install failure of devel/subversion

2013-12-23 Thread Olivier Certner
Same here on 9.2-STABLE.

Looking at the logs, I saw strange libtool lines saying that the libs 
mentioned by pkg-static were not installed in /usr/local/lib, and a preamble 
about Berkeley DB 6 that had not been tested by Subversion developers and the 
fact that subversion's Berkeley DB backend was deprecated.

So I switched the DBD option to off and install worked. YMMV of course.

Regards,
Olivier


Re: editors/openoffice.org-3 - build fails

2009-05-11 Thread Olivier Certner
Hi,

On Saturday, 09 May 2009, Torfinn Ingolfsen wrote:
> There is a workaround in this thread[1] (look for the message about
> 'dos2unix') which allows the build to continue.
> More updates later (it takes a while for OOo to build...)

I had the same issue here, but in the end only the curl patch appeared to 
have M$ line terminators.

It seems that those have appeared occasionally in some OOO files 
recently[1][2]. I thus personally expect to have to deal again with such 
issues in subsequent builds...

By the way, didn't know about the 'dos2unix' program. In the current case, a 
simple: sed 's%^M$%%' does the trick very well.

Regards,

Olivier

[1] http://thread.gmane.org/gmane.os.freebsd.devel.openoffice/2257
[2] http://www.openoffice.org/issues/show_bug.cgi?id=99305


Re: [RFC/P] Port System Re-Engineering

2007-12-05 Thread Olivier Certner
On Monday, 03 December 2007, 19:37, Ade Lovett wrote:
> I'll thank you for not putting words into my mouth.

Actually, we will thank you for not putting any more words in your own 
mouth.

> You seem unable to grasp even basic statistical fundamentals of what a
> survey entails, and have repeatedly worked on the basis that somehow
> anyone who even points out the simplest of flaws is part of the them
> camp.

You seem to be the average geek fundamentally unable to head up and look at 
the real world around you. Statistics are simply not the point. Aryeh is 
trying to gather new ideas, possibly different from his own. If they are 
representative, it's a plus. But who cares if he doesn't manage to gather 
enough information? He is not doing a poll on behalf of any company that 
would like perfectly detailed results, AFAIK.

> This is not us vs them.  You've decided to take on, as countless
> others before you have done, an attempt at changing status quo without
> providing even the basics, let alone prototypes, as to how it *might*
> be done.

They are not talking about how but what might be done, something you even 
didn't mention in your own mails.

> Quite frankly, this appears to be nothing more than random thoughts,
> with not even an iota of concrete information to back it up.
>
> Naturally, I can't speak for the FreeBSD community at large, but from
> this keyboard's perspective, you're doing nothing other than wasting
> time.
>
> Prove me wrong.  Consider it a challenge.

Who are you to deserve that someone would have to cope with stupid challenges 
in order to obtain answers from you? You don't want to give your opinion, do 
you? That's fine. It simply won't be taken into account. But, please, leave 
away from discouraging others or trying to make them waste their time.

And just a final word about your older statements:

> Just exactly what have you done for FreeBSD to the point where you
> believe you are able to state such a sentence?  I certainly wouldn't
> dream of writing something like this -- you can check ports/ commit
> logs for my background.

Do you really think your background will protect you from criticism? Do you 
really think quantity is related to quality?

At least, you've left this thread, and that's better for everybody. Please 
consider growing up before posting such null and void answers.

Olivier Certner