This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: nuke cygwin legacy?


On Wed, Feb 06, 2013 at 08:36:12PM +0100, Achim Gratz wrote:
>Yaakov (Cygwin/X) writes:
>> On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
>>> It doesn't matter that it is not secure.
>>
>> Yes, it does.  IMHO it is irresponsible on our part to distribute
>> unmaintained or knowingly vulnerable software, and it reflects badly on
>> the Cygwin project.
>
>Well, the target OS has been unmaintained for much longer

...and isn't available for installation from the company which issued
it.  That hardly proves your point.

>and even worse, you can't even download the service packs and patches
>for it anymore.

I'm sure you know that Yaakov and I both understand the state of older
versions of Windows and don't need to have this explained.

>I hope I will never have to re-install my Win98SE laptop...

If this is a concern then you should be making backups, not relying on
web sites to keep the software around in perpetuity.

>but I need to keep it around, for two reasons: I have a scanner that
>never got drivers for any later version than WinME and unfortunately
>has buggy firmware that the Linux community hasn't yet (and probably
>never will) work around, so it would otherwise be a sad case of
>electronic waste.  The other reason is that I did manage to install an
>almost up-to-date version of .Net onto it and this means I can use it
>as a very nice logic analyzer (it has a touch screen) by connecting a
>small box to USB so it actually does something useful without ever
>getting connected to the net.
>
>We actually have a bunch of PC at our lab at work still running Win98
>or WinNT for very much the same reason: expensive hardware that never
>got their drivers updated (manufacturer gone belly-up or getting rid of
>that particular product line or asking us to buy new hardware with new
>drivers that actually doesn't do what the old one did).  These aren't
>connected to the net as well, so there's no worry about their security,
>especially as you can't go into the lab without an access token anyway.

None of the above is a justification for keeping an outdated version of
Cygwin sitting around.  If the machines were connected to the network
and needed to periodically download the legacy software that would be a
mild argument in favor of keeping legacy around.  But, you specifically
say that this isn't the case.  Your laptop presumably already has Cygwin
installed and you are likely not regularly installing new packages on it
since you are apparently only using it for limited purposes.

Anyway, I'm sorry I put this to a vote.  I've nuked the legacy code from
the release area.  I haven't removed the link from the web site so we'll
see if someone complains to the cygwin mailing list.  As I mentioned,
there were 14 attempts to download the legacy code last year.  That is
not a strong justification for keeping it around.

Lots of OS distributions retire old versions.  We don't have to be an
exception.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]