cvs commit: ports/devel/tmake Makefile distinfo

Michael Nottebrock michaelnottebrock at gmx.net
Tue Feb 17 05:20:53 PST 2004


On Tuesday 17 February 2004 14:09, Dag-Erling Smørgrav wrote:
> Michael Nottebrock <michaelnottebrock at gmx.net> writes:
> > On Tuesday 17 February 2004 13:49, Kris Kennaway wrote:
> > > On Mon, Feb 09, 2004 at 02:07:32PM -0800, Kris Kennaway wrote:
> > > > On Mon, Feb 09, 2004 at 05:36:08AM -0800, Michael Nottebrock wrote:
> > > > >   Log:
> > > > >   Fix distinfo, SIZEify.
> > > >
> > > > You forgot to summarize what changed.
> > >
> > > I didn't see a followup to this.
> >
> > I have no idea what you expect me to write.
>
> When the checksum of a distfile changes, there is a considerable risk
> that someone may have trojaned the distfile.  As a port maintainer,
> you are expected to verify that this is not the case before updating
> the checksum in distinfo.  You are also expected to summarize the
> reason for the changed checksum in the commit message so that The Rest
> Of Us[tm] can rest assured that you have indeed verified that the
> distfile was not trojaned.

I didn't know that I was supposed to perform a security audit and I did not do 
so. So if anyone happens to have the old distfile still around, please send 
it my way, cause I don't. I suggest next time instead of marking a port as 
BROKEN= Checksum mismatch, mark it as BROKEN= Needs security audit so I won't 
be tempted to fix it.

-- 
   ,_,   | Michael Nottebrock               | lofi at freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
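
As an added illustration of the check discussed in this thread (not part of the original messages and not FreeBSD ports tooling): when both the old and the new distfile are available, a per-member comparison shows what actually changed behind a checksum mismatch. The function names, file names and sample tarballs are constructed for this example.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map every member of a tarball to 'mode:digest' without extracting to disk."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                body = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            else:
                # Links, directories and devices: track type and link target instead.
                body = f"type={member.type!r} link={member.linkname}"
            digests[member.name] = f"{member.mode:o}:{body}"
    return digests


def summarize_change(old_bytes, new_bytes):
    """Report added, removed and modified members between two distfiles."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
        # Same names, modes and contents, different archive bytes: a re-roll.
        "repacked_only": old == new and old_bytes != new_bytes,
    }


def make_tarball(files, mtime):
    """Build a constructed sample .tar.gz in memory (stand-in for a real distfile)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(content), mtime
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample data; names and contents are illustrative only.
BASE = {"tmake/README": b"v1\n", "tmake/bin/tmake": b"#!/usr/bin/perl\n"}
OLD = make_tarball(BASE, mtime=1)
REPACKED = make_tarball(BASE, mtime=3)
NEW = make_tarball({**BASE, "tmake/README": b"v1 (typo fixed)\n",
                    "tmake/CHANGES": b"typo fix\n"}, mtime=2)

if __name__ == "__main__":
    print(summarize_change(OLD, NEW), summarize_change(OLD, REPACKED), sep="\n")
```

The resulting summary is the kind of information a commit message for a changed checksum can carry; every member listed as added or modified still has to be read by a person.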