12.12.2022 03:04, Daniel Dickman пишет: > On Sun, 11 Dec 2022, Klemens Nanni wrote: > >> On Sat, Dec 03, 2022 at 10:15:16PM +0000, Klemens Nanni wrote: >>> On Sat, Dec 03, 2022 at 08:12:59PM +0000, Klemens Nanni wrote: >>>> No upstream activity in years, I don't see py3 bits anywhere, so I >>>> suggest we retire bindings for the EOL python 2. >>>> >>>> Merge -main and -python into a single audio/snack package. >>>> Tested with >>>> # pkg_add py-snack >>>> $ make package >>>> $ cp /usr/ports/packages/amd64/ftp/snack-2.2.10p7.tgz . >>>> $ doas env TRUSTED_PKG_PATH=. pkg_add -u >>>> py-snack-2.2.10p2+snack-2.2.10p6->snack-2.2.10p7: ok >>>> Read shared items: ok >>>> >>>> This gets rid of the last lang/python/2.7,-tkinter consumer, which could >>>> be removed next. >>>> >>>> Feedback? Objection? OK? >>> >>> Now with cvs add'ed files. >> >> No feedback so far. >> >> Simpler diff leaving the MULTI_PACKAGES -main bits behind, then -python >> can be removed with a quirk. >> >> OK? >> > > First of all, I think we may want the fix for CVE-2012-6303: > > https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch > > As for python3, perhaps we can use gentoo's diff for this? > > https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-tcltk/snack/files/tcl-snack-2.2.10-python3.patch
Noone spoke up... anyone interested enough in patching and testing this? Otherwise we might as well plug the CVE and just drop python 2 bindings.
