On Wed, Feb 06, 2013 at 08:36:12PM +0100, Achim Gratz wrote: >Yaakov (Cygwin/X) writes: >> On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote: >>> It doesn't matter that it is not secure. >> >> Yes, it does. IMHO it is irresponsible on our part to distribute >> unmaintained or knowingly vulnerable software, and it reflects badly on >> the Cygwin project. > >Well, the target OS has been unmaintained for much longer
...and isn't available for installation from the company which issued it. That hardly proves your point. >and even worse, you can't even download the service packs and patches >for it anymore. I'm sure you know that Yaakov and I both understand the state of older versions of Windows and don't need to have this explained. >I hope I will never have to re-install my Win98SE laptop... If this is a concern then you should be making backups, not relying on web sites to keep the software around in perpetuity. >but I need to keep it around, for two reasons: I have a scanner that >never got drivers for any later version than WinME and unfortunately >has buggy firmware that the Linux community hasn't yet (and probably >never will) work around, so it would otherwise be a sad case of >electronic waste. The other reason is that I did manage to install an >almost up-to-date version of .Net onto it and this means I can use it >as a very nice logic analyzer (it has a touch screen) by connecting a >small box to USB so it actually does something useful without ever >getting connected to the net. > >We actually have a bunch of PC at our lab at work still running Win98 >or WinNT for very much the same reason: expensive hardware that never >got their drivers updated (manufacturer gone belly-up or getting rid of >that particular product line or asking us to buy new hardware with new >drivers that actually doesn't do what the old one did). These aren't >connected to the net as well, so there's no worry about their security, >especially as you can't go into the lab without an access token anyway. None of the above is a justification for keeping an outdated version of Cygwin sitting around. If the machines were connected to the network and needed to periodically download the legacy software that would be a mild argument in favor of keeping legacy around. But, you specifically say that this isn't the case. Your laptop presumably already has Cygwin installed and you are likely not regularly installing new packages on it since you are apparently only using it for limited purposes. Anyway, I'm sorry I put this to a vote. I've nuked the legacy code from the release area. I haven't removed the link from the web site so we'll see if someone complains to the cygwin mailing list. As I mentioned, there were 14 attempts to download the legacy code last year. That is not a strong justification for keeping it around. Lots of OS distributions retire old versions. We don't have to be an exception. cgf
