cvs commit: ports/chinese/ibus-chewing distinfo
Wesley Shields
wxs at FreeBSD.org
Mon Dec 13 18:34:57 UTC 2010
On Mon, Dec 13, 2010 at 06:19:10PM +0000, Philip M. Gollucci wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/13/10 16:41, Wesley Shields wrote:
> > On Mon, Dec 13, 2010 at 04:37:17AM +0000, Philip M. Gollucci wrote:
> >> pgollucci 2010-12-13 04:37:17 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> chinese/ibus-chewing distinfo
> >> Log:
> >> - Fix checksum
> >
> > I thought it was a good idea to state what changed when a distfile was
> > re-rolled without a version bump.
> Well it is, but they re-rolled inbetween my tb test, commit and QAT
> processing it. I can go digg it up but I was just trying to fix the QAT
> nag mail at the time.
I'm not requesting that you do that, but it could potentially be a
malicious distfile now. We need to be extra careful not to propagate
those if we can help it, hence the suggestion to document what was
changed in order to show due diligence.
I realize the chances of this one being malicious is small, but it is
best to diff the two before commit, even if QAT is angry at you. I'd
rather see a broken port for the short period of time it takes to do the
right thing than one that is malicious that slipped through the cracks.
-- WXS
More information about the cvs-ports
mailing list