Re: Adding functionality to a port

Hi!

> As a port maintainer, can I just modify the functionality of the ports I
> maintain without any limits?

Like modifiying a port that does xyz to actually do the reverse ?

No, that would be crazy. Upstream and port users would probably
freak out, and rightly so.

> And as a software developer, can I be sure that the package that is
> installed on FreeBSD systems, and that carries my name and URL, is
> actually still the package that I developed, with the functionality I
> intended?

Non-trivial problem. Read the famous paper on trusting trust:

https://dl.acm.org/doi/10.1145/358198.358210

> And as a sysadmin or user, can I be sure that the port I installed
> actually does what is advertised on the upstream website?

See above.

> I honestly think that these are very important questions...

Yes, but those are unsolvable problems in the framework of a policy.

Don't do crazy things is a generic given in most societies I know of 8-)

> The internet is no longer this friendly place it was 30 years ago. People
> with malicious intent have infiltrated software repositories before, and
> they will keep doing so.

Yes, sure. So that's why there are reviews etc. And still, bad things
happen, and we find out and clean up afterwards.

-- 
pi@FreeBSD.org         +49 171 3101372                  Now what ?