ioquake3 support more platforms
Doug Barton
dougb at FreeBSD.org
Sat Dec 19 08:02:15 UTC 2009
Dominic Fandrey wrote:
> But that's not different for any port. E.g. sysutils/bsdadminscripts is
> all mine, I create the distfiles and maintain the port, their is no
> guarantee that I don't do evil apart from me being quite certain that
> I don't.
Mark already pointed out that maintainers and committers actually _do_
have a responsibility to dig into changes, be knowledgeable about
upgrades, etc. I agree with his perspective on this.
> Why can one assume that an ioquake release is safe? One really cannot.
> It's made by the same people who maintain the non-trustworthy SVN.
>
> What if I created a sourceforge project freebsd-ioquake and published
> my distfiles there as ioquake freebsd releases. Would it suddenly
> turn trustworthy?
The security problems involved in trying to audit a fixed, known set
of files are miniscule compared to the problems involved in auditing a
set of files that can change on a minute by minute basis. The whole
concept of creating a FreeBSD port that checks source files out of a
third-party svn repository is anathema to the whole concept of ports
security.
Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
More information about the freebsd-ports
mailing list