Re: Remove www/puppet-dashboard?
Hi, On Monday, August 28, 2017 03:11 CEST, Jeremy Evanswrote: > puppet-dashboard is one of the only remaining ports still depending on > ruby 1.8. > > Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby > libraries of similar vintage. I'm not sure it's actually vulnerable to > any of the many Rails vulnerabilities announced since, but it wouldn't > surprise me. > > Port doesn't actually build anything, it basically just untars and > retars the distfile, other than fixing shebang lines and changing > some hardcoded paths. I think removing it using the following quirk > makes sense: > > "web application with no benefit being packaged" > > OKs to remove? IIRC, I asked quite some time ago, but at thta time, someone was still using it. But removing it is fine with me, puppetboard is a nice alternative ;) Sebastian > > Thanks, > Jeremy
Re: Remove www/puppet-dashboard?
On Mon, Aug 28, 2017 at 07:46:37AM +0200, Antoine Jacoutot wrote: > On Sun, Aug 27, 2017 at 06:11:22PM -0700, Jeremy Evans wrote: > > puppet-dashboard is one of the only remaining ports still depending on > > ruby 1.8. > > > > Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby > > libraries of similar vintage. I'm not sure it's actually vulnerable to > > any of the many Rails vulnerabilities announced since, but it wouldn't > > surprise me. > > > > Port doesn't actually build anything, it basically just untars and > > retars the distfile, other than fixing shebang lines and changing > > some hardcoded paths. I think removing it using the following quirk > > makes sense: > > It does provide a detailed pkg-readme. > But yeah, the last release is from 2014 and this application has been > deprecated > for years anyway. > > > "web application with no benefit being packaged" > > > > OKs to remove? > > OK with me. > > -- > Antoine I'm OK with removing it, however I'd paint the bikeshed with 'no longer maintained upstream'. Cheers, -- jasper
Re: Remove www/puppet-dashboard?
On Sun, Aug 27, 2017 at 06:11:22PM -0700, Jeremy Evans wrote: > puppet-dashboard is one of the only remaining ports still depending on > ruby 1.8. > > Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby > libraries of similar vintage. I'm not sure it's actually vulnerable to > any of the many Rails vulnerabilities announced since, but it wouldn't > surprise me. > > Port doesn't actually build anything, it basically just untars and > retars the distfile, other than fixing shebang lines and changing > some hardcoded paths. I think removing it using the following quirk > makes sense: It does provide a detailed pkg-readme. But yeah, the last release is from 2014 and this application has been deprecated for years anyway. > "web application with no benefit being packaged" > > OKs to remove? OK with me. -- Antoine
Remove www/puppet-dashboard?
puppet-dashboard is one of the only remaining ports still depending on ruby 1.8. Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby libraries of similar vintage. I'm not sure it's actually vulnerable to any of the many Rails vulnerabilities announced since, but it wouldn't surprise me. Port doesn't actually build anything, it basically just untars and retars the distfile, other than fixing shebang lines and changing some hardcoded paths. I think removing it using the following quirk makes sense: "web application with no benefit being packaged" OKs to remove? Thanks, Jeremy