cvs commit: ports/devel/tmake Makefile distinfo

Eivind Eklund eivind at FreeBSD.org
Tue Feb 17 07:23:27 PST 2004


On Tue, Feb 17, 2004 at 02:20:46PM +0100, Michael Nottebrock wrote:
> On Tuesday 17 February 2004 14:09, Dag-Erling Smørgrav wrote:
> > When the checksum of a distfile changes, there is a considerable risk
> > that someone may have trojaned the distfile.  As a port maintainer,
> > you are expected to verify that this is not the case before updating
> > the checksum in distinfo.  You are also expected to summarize the
> > reason for the changed checksum in the commit message so that The Rest
> > Of Us[tm] can rest assured that you have indeed verified that the
> > distfile was not trojaned.
> 
> I didn't know that I was supposed to perform a security audit and I did not do 
> so. So if anyone happens to have the old distfile still around, please send 
> it my way, cause I don't. I suggest next time instead of marking a port as 
> BROKEN= Checksum mismatch, mark it as BROKEN= Needs security audit so I won't 
> be tempted to fix it.

We should probably use FORBIDDEN instead of BROKEN for checksum
mismatches, and have a notice in the porter's handbook.  This would make
it more obvious.  I have no patch because I did not find any obvious
place to add it.

BROKEN=Needs security audit
would say MUCH less to me than BROKEN="Checksum mismatch".  For me
(probably because I've got a background where I've been heavily security
focused) "Checksum mismatch" makes it obvious that somebody has changed
the distfile in some unspecified way, and we thus need a review of the
changes.  However, "Needs security audit" screams "This code is utterly
rotten and more or less certainly contains security holes.  We can't
give it to the users until all the code has been audited." which is
quite different from "We need to review a likely small diff".

Eivind.
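
Added example (not part of the original message and not FreeBSD ports tooling): one way to make "review a likely small diff" concrete, assuming the maintainer still has both the old and the re-rolled distfile. It hashes every archive member and reports what was added, removed or changed; the archive names and contents are constructed samples.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map every archive member to (content digest or type/link target, mode bits)."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in tf:
            if m.isfile():
                ident = hashlib.sha256(tf.extractfile(m).read()).hexdigest()
            else:
                # Directories, symlinks, devices: compare type and link target.
                ident = "type:%r->%s" % (m.type, m.linkname)
            out[m.name] = (ident, m.mode & 0o7777)
    return out


def diff_distfiles(old_bytes, new_bytes):
    """Report members added, removed or changed (content or mode) between two distfiles."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


def make_tarball(files):
    """Build a constructed sample .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), 0o644
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample distfiles (hypothetical names and contents).
OLD_FILES = {"example-1.0/README": b"docs\n", "example-1.0/bin/example": b"print 1;\n"}
NEW_FILES = {"example-1.0/README": b"docs\n", "example-1.0/bin/example": b"print 2;\n",
             "example-1.0/LICENSE": b"license text\n"}
OLD, NEW = make_tarball(OLD_FILES), make_tarball(NEW_FILES)

if __name__ == "__main__":
    for kind, names in diff_distfiles(OLD, NEW).items():
        print(kind, names)
```

An empty report for a distfile whose checksum changed means only the packaging (compression, timestamps in the archive wrapper) differs; anything listed under "added" or "changed" is what needs to be read before distinfo is updated.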

