Re: Remove www/puppet-dashboard?

2017-08-28 Thread Sebastian Reitenbach 
Hi,

On Monday, August 28, 2017 03:11 CEST, Jeremy Evans  wrote:

> puppet-dashboard is one of the only remaining ports still depending on
> ruby 1.8.
>
> Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby
> libraries of similar vintage.  I'm not sure it's actually vulnerable to
> any of the many Rails vulnerabilities announced since, but it wouldn't
> surprise me.
>
> Port doesn't actually build anything, it basically just untars and
> retars the distfile, other than fixing shebang lines and changing
> some hardcoded paths.  I think removing it using the following quirk
> makes sense:
>
> "web application with no benefit being packaged"
>
> OKs to remove?

IIRC, I asked quite some time ago, but at thta time, someone was still using it.
But removing it is fine with me, puppetboard is a nice alternative ;)

Sebastian

>
> Thanks,
> Jeremy

Re: Remove www/puppet-dashboard?

2017-08-28 Thread Jasper Lievisse Adriaanse 
On Mon, Aug 28, 2017 at 07:46:37AM +0200, Antoine Jacoutot wrote:
> On Sun, Aug 27, 2017 at 06:11:22PM -0700, Jeremy Evans wrote:
> > puppet-dashboard is one of the only remaining ports still depending on
> > ruby 1.8.
> > 
> > Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby
> > libraries of similar vintage.  I'm not sure it's actually vulnerable to
> > any of the many Rails vulnerabilities announced since, but it wouldn't
> > surprise me.
> > 
> > Port doesn't actually build anything, it basically just untars and
> > retars the distfile, other than fixing shebang lines and changing
> > some hardcoded paths.  I think removing it using the following quirk
> > makes sense:
> 
> It does provide a detailed pkg-readme.
> But yeah, the last release is from 2014 and this application has been 
> deprecated
> for years anyway.
> 
> > "web application with no benefit being packaged"
> > 
> > OKs to remove?
> 
> OK with me.
> 
> -- 
> Antoine

I'm OK with removing it, however I'd paint the bikeshed with 'no longer
maintained upstream'.

Cheers,
-- 
jasper

Re: Remove www/puppet-dashboard?

2017-08-27 Thread Antoine Jacoutot 
On Sun, Aug 27, 2017 at 06:11:22PM -0700, Jeremy Evans wrote:
> puppet-dashboard is one of the only remaining ports still depending on
> ruby 1.8.
> 
> Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby
> libraries of similar vintage.  I'm not sure it's actually vulnerable to
> any of the many Rails vulnerabilities announced since, but it wouldn't
> surprise me.
> 
> Port doesn't actually build anything, it basically just untars and
> retars the distfile, other than fixing shebang lines and changing
> some hardcoded paths.  I think removing it using the following quirk
> makes sense:

It does provide a detailed pkg-readme.
But yeah, the last release is from 2014 and this application has been deprecated
for years anyway.

> "web application with no benefit being packaged"
> 
> OKs to remove?

OK with me.

-- 
Antoine

Remove www/puppet-dashboard?

2017-08-27 Thread Jeremy Evans 
puppet-dashboard is one of the only remaining ports still depending on
ruby 1.8.

Embeds Rails 2.3.17, released in Feburary 2013, and many other ruby
libraries of similar vintage.  I'm not sure it's actually vulnerable to
any of the many Rails vulnerabilities announced since, but it wouldn't
surprise me.

Port doesn't actually build anything, it basically just untars and
retars the distfile, other than fixing shebang lines and changing
some hardcoded paths.  I think removing it using the following quirk
makes sense:

"web application with no benefit being packaged"

OKs to remove?

Thanks,
Jeremy