atom feed96 messages in org.freebsd.freebsd-portsRe: Re: sysutils/cfs
FromSent OnAttachments
Chris ReesSep 4, 2011 9:55 am 
Chris ReesSep 4, 2011 12:20 pm 
Julian H. StaceySep 4, 2011 1:32 pm 
Chris ReesSep 4, 2011 1:36 pm 
Mark LinimonSep 4, 2011 4:17 pm 
per...@pluto.rain.comSep 4, 2011 7:12 pm 
Julian H. StaceySep 5, 2011 2:32 am 
Julian H. StaceySep 5, 2011 3:05 am 
Chris ReesSep 5, 2011 4:11 am 
Oliver FrommeSep 5, 2011 4:38 am 
Doug BartonSep 5, 2011 5:40 am 
Julian H. StaceySep 5, 2011 9:29 am 
Mikhail T.Sep 5, 2011 10:15 am 
Chris ReesSep 5, 2011 10:31 am 
Kostik BelousovSep 5, 2011 11:01 am 
Mikhail T.Sep 5, 2011 11:29 am 
Matthias AndreeSep 5, 2011 12:06 pm 
Mikhail T.Sep 5, 2011 2:42 pm 
Julian H. StaceySep 5, 2011 2:46 pm 
per...@pluto.rain.comSep 5, 2011 4:05 pm 
Eitan AdlerSep 5, 2011 4:29 pm 
Doug BartonSep 5, 2011 7:13 pm 
Yar TikhiySep 5, 2011 9:52 pm 
Tony McSep 6, 2011 1:13 am 
Chris ReesSep 6, 2011 6:19 am 
Matthias AndreeSep 6, 2011 10:12 am 
per...@pluto.rain.comSep 6, 2011 5:15 pm 
per...@pluto.rain.comSep 6, 2011 5:15 pm 
Yar TikhiySep 6, 2011 5:34 pm 
Doug BartonSep 6, 2011 9:14 pm 
Mikhail T.Sep 6, 2011 10:25 pm 
Stanislav SedovSep 6, 2011 11:29 pm 
Erwin LansingSep 6, 2011 11:32 pm 
Chad PerrinSep 7, 2011 12:35 am 
per...@pluto.rain.comSep 7, 2011 3:24 am 
Kurt JaegerSep 7, 2011 3:53 am 
Peter JeremySep 7, 2011 4:36 am 
Erik TrulssonSep 7, 2011 4:54 am 
Oliver FrommeSep 7, 2011 6:52 am 
Chad PerrinSep 7, 2011 8:20 am 
Chad PerrinSep 7, 2011 8:24 am 
Mikhail T.Sep 7, 2011 8:52 am 
Erik TrulssonSep 7, 2011 8:56 am 
Chris ReesSep 7, 2011 9:03 am 
Chad PerrinSep 7, 2011 9:17 am 
Mikhail T.Sep 7, 2011 9:19 am 
per...@pluto.rain.comSep 7, 2011 3:15 pm 
Doug BartonSep 7, 2011 3:45 pm 
Mikhail T.Sep 7, 2011 5:14 pm 
Julian H. StaceySep 7, 2011 6:28 pm 
Glen BarberSep 7, 2011 9:12 pm 
Chris ReesSep 7, 2011 11:20 pm 
Greg ByshenkSep 8, 2011 1:41 am 
Julian H. StaceySep 8, 2011 2:31 am 
Matt BurkeSep 8, 2011 4:52 am 
Mikhail T.Sep 8, 2011 7:15 am 
Michel TalonSep 8, 2011 7:45 am 
Matthias AndreeSep 8, 2011 9:36 am 
Matthias AndreeSep 8, 2011 9:46 am 
Matthias AndreeSep 8, 2011 9:54 am 
Chad PerrinSep 8, 2011 2:23 pm 
Julian H. StaceySep 8, 2011 4:00 pm 
Julian H. StaceySep 8, 2011 5:26 pm 
Chad PerrinSep 8, 2011 6:05 pm 
Erik TrulssonSep 8, 2011 10:21 pm 
Erik TrulssonSep 8, 2011 10:27 pm 
Greg ByshenkSep 9, 2011 12:48 am 
Conrad J. SabatierSep 9, 2011 2:09 am 
Miroslav LachmanSep 9, 2011 2:25 am 
Conrad J. SabatierSep 9, 2011 4:20 am 
Matt BurkeSep 9, 2011 5:38 am 
Matthias AndreeSep 9, 2011 9:06 am 
Matthias AndreeSep 9, 2011 10:05 am 
Matthias AndreeSep 9, 2011 10:12 am 
Conrad J. SabatierSep 9, 2011 10:45 pm 
Chris ReesSep 9, 2011 11:38 pm 
per...@pluto.rain.comSep 10, 2011 12:11 am 
Matthias AndreeSep 10, 2011 3:08 am 
Matthias AndreeSep 10, 2011 3:24 am 
Chad PerrinSep 10, 2011 9:12 am 
Chad PerrinSep 10, 2011 9:17 am 
Matthias AndreeSep 10, 2011 1:38 pm 
Conrad J. SabatierSep 10, 2011 1:51 pm 
Chad PerrinSep 10, 2011 3:43 pm 
per...@pluto.rain.comSep 10, 2011 4:14 pm 
Julian H. StaceySep 12, 2011 2:31 pm 
Eric MassonSep 13, 2011 2:23 am 
Mark LinimonSep 13, 2011 8:55 am 
Matthias AndreeSep 13, 2011 10:13 am 
Chris ReesSep 13, 2011 10:41 am 
Chris ReesSep 13, 2011 10:44 am 
Chris ReesSep 13, 2011 11:24 am 
Chris ReesSep 13, 2011 1:51 pm 
Julian H. StaceySep 13, 2011 3:57 pm 
Glen BarberSep 13, 2011 7:20 pm 
Jason HellenthalSep 13, 2011 8:55 pm 
Subject:Re: Re: sysutils/cfs
From:Kostik Belousov (kost@gmail.com)
Date:Sep 5, 2011 11:01:51 am
List:org.freebsd.freebsd-ports

On Mon, Sep 05, 2011 at 06:32:00PM +0100, Chris Rees wrote:

On 5 Sep 2011 18:15, "Mikhail T." <mi+th@aldan.algebra.com> wrote:

On -10.01.-28163 14:59, Chris Rees wrote:

I've had to deprecate sysutils/cfs -- there's a confirmed issue with failing locks [1] which has been open for two years with no fix.

Whoops, also missed a CVE -- buffer overflows can cause a DoS. Expiration date altered to 1 month accordingly.

Is this the only vulnerability you are talking about?

http://www.debian.org/security/2006/dsa-1138

Does not seem hard to fix at all... Listing all of the fatal problems

would be helpful...

-mi

If it's not that hard to fix then do it. If you're not going to fix it, why are you even commenting?

More noise. Stop whining and do something about it.

No, it is not a noise.

First, note that an issue in the local deamon can be only utilized by local users. As a consequence, there is a huge set of machines for which the cited issue is simply irrelevant.

For the analogous issues that are irrelevant for 90% of the port users, look at the vulnerabilities listed for the quake ports.

Second, I personally consider the crusade to remove old but compiling and working (*) ports as a damage both to the project functionality and to the project reputation.

* Working exactly because users report bugs in the software, otherwise they would not be able to describe corner cases that break.

I saw a port that is:

- broken - vulnerable - unmaintained - dead upstream - has been removed by other distributions

I don't use it, you don't use it, why do you care?

See above. This is the sort of rethoric that I find damaging.

The only point that I buy from the list is 'had been removed by other distributions'. Everything else is relative, and since _you_ are not the user of the package, did not even tried to use it, and obviously not estimated the risks and brokeness of the package right (as shown by two episodes, once with the NLM, second with the vulnerability), I consider the removal as frivolous and damaging.

It only continues the trend, I agree.