Re: CVS commit: pkgsrc/sysutils

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Fri, Aug 22, 2025 at 01:06:07PM +0200, Thomas Klausner wrote:
> On Fri, Aug 22, 2025 at 01:02:28PM +0200, Manuel Bouyer wrote:
> > On Fri, Aug 22, 2025 at 06:52:53AM -0400, Greg Troxel wrote:
> > > > This has already been discussed if I remember properly, and no good solution
> > > > was proposed.
> > > > What is in the pkgsrc guide doesn't work.
> > > 
> > > pkg-vulnerabilities seems like a good solution for EOL software.
> > 
> > It is, but here we're talking about a package being removed in the near
> > furture, and migrating to another package. It's not the same thing.
> 
> But the EOL part of pkg-vulnerabilities is exactly for this purpose.
> What am I missing?

To me, EOL in pkg-vulnerabilities means that it's unsupported
upstream (and no may be affected by unreported security issues), but it's only
loosely related to it's removal from pkgsrc. We may keep a EOL package
in pkgsrc because it's still usefull in some context (we did for pre-rust
versions of firefox, AFAIK), or we may choose to remove a package
even if the software is still maintained upstream (this happended with
Xen in the past for maintenance cost reasons).

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--