Re: Removal of rxvt/mrxvt from pkgsrc?

To: Tobias Nygren <tnn%NetBSD.org@localhost>
Subject: Re: Removal of rxvt/mrxvt from pkgsrc?
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sat, 20 Jun 2026 13:41:52 -0400

Tobias Nygren <tnn%NetBSD.org@localhost> writes:

> This has been proposed before and again I will point out that both rxvt
> and mrxvt in pkgsrc has been patched for the linked CVE.
> If we decide to remove packages that have no active upstream then
> many others should be on the chopping block before (m)rxvt.
> This is not an objection from me but a merely a plead for factuality and
> consistency.

As I know tnn@ knows, we have a vulnerability database and I invite
@bsdlisten to inspect it.  Certainly point out if it's off.

Agreed we have old things, and we note in DESCR if they are
unmaintained.  People often choose to run them anyway.

We remove packages when:

  we genuinely believe there are and will be zero users

  we believe there are few users and there is real work/pain caused by
  the continued presence of the packages

We do not remove packages because of "I don't think other people should
run this", unless it's outright malware.

We have 2 people who objected, and no evidence of any pain -- so I think
we're done and it's not getting removed.

References:
- Removal of rxvt/mrxvt from pkgsrc?
  - From: Rares Aioanei
- Re: Removal of rxvt/mrxvt from pkgsrc?
  - From: Tobias Nygren

Prev by Date: Re: Removal of rxvt/mrxvt from pkgsrc?
Next by Date: py-pyside6 & freecad
Previous by Thread: Re: Removal of rxvt/mrxvt from pkgsrc?
Next by Thread: py-pyside6 & freecad
Indexes:

Home | Main Index | Thread Index | Old Index