[macports-ports] branch master updated: nrpe, nsca: remove outdated ports

Dave Horsfall dave at horsfall.org
Sun Feb 3 01:59:28 UTC 2019


On Sun, 3 Feb 2019, Joshua Root wrote:

> No official policy. My view is that the only clear-cut case is when a 
> port doesn't build or work at all, anywhere, and there's no real chance 
> of that ever changing.

How about insecure ports such as Procmail?  It's a scripting language, 
with Shell access, that believes user data;  I believe it's no longer 
maintained by the author, and the coding style is unreadable, making it 
difficult to spot vulnerabilities.

http://www.cvedetails.com/vendor/225/Procmail.html makes interesting 
reading, as does any search for "procmail CVE".  Perhaps it's just me, but 
I don't think insecure software belongs in MacPorts unless someone is 
willing to fix it (and good luck with Procmail).

There are alternatives; I cannot remember their names. but "sieve" (or
similar) springs to mind.

-- Dave


More information about the macports-users mailing list