Re: Removal of rxvt/mrxvt from pkgsrc?

To: Rares Aioanei <bsdlisten%outlook.com@localhost>
Subject: Re: Removal of rxvt/mrxvt from pkgsrc?
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Sat, 20 Jun 2026 19:30:57 +0200

On Sat, 20 Jun 2026 19:59:21 +0300
Rares Aioanei <bsdlisten%outlook.com@localhost> wrote:

> Hello,
> 
> I'd like to propose the removal of mrxvt from pkgsrc on the grounds that
> 
> 1. it's not maintained anymore (last release was in 2008)
> 2. it's vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2017-7483 and 
> there is no fix from upstream
> 3. probably because of 1. and 2. OpenBSD and FreeBSD removed it from 
> their respective ports system -- 
> https://marc.info/?l=openbsd-ports-cvs&m=149833297519829&w=2
> 
> PS : On this note, the last release of rxvt was in March 2003, and looks 
> like it's also vulnerable to the same CVE listed above.

Hi,

This has been proposed before and again I will point out that both rxvt
and mrxvt in pkgsrc has been patched for the linked CVE.
If we decide to remove packages that have no active upstream then
many others should be on the chopping block before (m)rxvt.
This is not an objection from me but a merely a plead for factuality and
consistency.

Kind regards,
-Tobias

Follow-Ups:
- Re: Removal of rxvt/mrxvt from pkgsrc?
  - From: Greg Troxel

References:
- Removal of rxvt/mrxvt from pkgsrc?
  - From: Rares Aioanei

Prev by Date: Re: Removal of rxvt/mrxvt from pkgsrc?
Next by Date: Re: Removal of rxvt/mrxvt from pkgsrc?
Previous by Thread: Re: Removal of rxvt/mrxvt from pkgsrc?
Next by Thread: Re: Removal of rxvt/mrxvt from pkgsrc?
Indexes:

Home | Main Index | Thread Index | Old Index