From: Philipp Buehler (lists fips.de)
Date: Thu Sep 06 2001 - 06:27:22 CDT
(This is not related to "the DJB thread")
On 04/09/2001, Marc Espie <espie schutzenberger.liafa.jussieu.fr> wrote To ports openbsd.org:
> The ports system is a practical system. As its quality improves (as it
> has steadily), the rules get more stringent. And we get more time to check
> details.
Since I am planning to port GIGAbase and Oops to OpenBSD I've
read the relevant documents and now I *am* curious ..
There are now a sh*tload of ports (good thing), but I wonder *who really*
controls that the recommendations are fulfilled?
Let me quote something from there (especially security rec.)
"Do not use alpha or beta code when preparing a port. Use the latest
regular or patch release."
Hm, there is beta software in the ports tree.
"[..] especially unsafe use of
strcat/strcpy/strcmp/sprintf. In general, sprintf should be
replaced with snprintf."
Hm, there is "pine" and other software which has proven to have such
defects.
Well, basically for any point in the policy and the referenced security
recommendations I probably find a port which violates that.
Now, where's the point (No, I do not want to have ports removed which are
"violating" this policy)? Maybe I just misunderstand something general here.
Basically a recommendation is a "should", no? So it would not be
violating.
I am just estimating *my* effort for porting software, and looking at
porting.html and checklist.html this is NOT just some patches 'til it
"compiles".
Insights?
ciao
--
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p>
#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?