[macports-ports] branch master updated: nrpe, nsca: remove outdated ports

macports at raf.org macports at raf.org
Sun Feb 3 23:40:58 UTC 2019


Dave Horsfall wrote:

> On Sun, 3 Feb 2019, Joshua Root wrote:
> 
> > No official policy. My view is that the only clear-cut case is when a
> > port doesn't build or work at all, anywhere, and there's no real chance
> > of that ever changing.
> 
> How about insecure ports such as Procmail?  It's a scripting language, with
> Shell access, that believes user data;  I believe it's no longer maintained
> by the author, and the coding style is unreadable, making it difficult to
> spot vulnerabilities.
> 
> http://www.cvedetails.com/vendor/225/Procmail.html makes interesting
> reading, as does any search for "procmail CVE".  Perhaps it's just me, but I
> don't think insecure software belongs in MacPorts unless someone is willing
> to fix it (and good luck with Procmail).
> 
> There are alternatives; I cannot remember their names. but "sieve" (or
> similar) springs to mind.
> 
> -- Dave

I rely heavily on procmail, but on debian, not macos.
I wonder if the debian developers have fixes for the
vulnerabilities. I'd hate to see it go. I'll have to
look into it when I get a chance.

cheers,
raf



More information about the macports-users mailing list