cvs commit: ports/devel/tmake Makefile distinfo
Tilman Linneweh
arved at FreeBSD.org
Tue Feb 17 05:44:51 PST 2004
* Michael Nottebrock [Di, 17 Feb 2004 at 14:20 GMT]:
>> > > > > Fix distinfo, SIZEify.
>> > > >
>> > > > You forgot to summarize what changed.
>> > >
>> > > I didn't see a followup to this.
>> >
>> > I have no idea what you expect me to write.
>>
>> When the checksum of a distfile changes, there is a considerable risk
>> that someone may have trojaned the distfile. As a port maintainer,
>> you are expected to verify that this is not the case before updating
>> the checksum in distinfo. You are also expected to summarize the
>> reason for the changed checksum in the commit message so that The Rest
>> Of Us[tm] can rest assured that you have indeed verified that the
>> distfile was not trojaned.
>
> I didn't know that I was supposed to perform a security audit and I did not
> do so. So if anyone happens to have the old distfile still around, please send
> it my way, cause I don't. I suggest next time instead of marking a port as
> BROKEN= Checksum mismatch, mark it as BROKEN= Needs security audit so I won't
> be tempted to fix it.
>
I intend to remove this port in a few days. It is obsolete and superseded by
qmake.
I have just updated the last port that did depend on it.
regards
tilman
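
Added example, not part of the original thread or of the FreeBSD ports tooling: one way to do the check discussed in the quoted messages above, comparing a saved copy of the old distfile with the re-rolled one member by member so the commit message can state what changed. The archives are constructed sample data, and `member_digests`, `diff_distfiles` and `make_tar` are hypothetical helper names.

```python
import hashlib
import io
import tarfile

def member_digests(blob):
    """Map member name -> (type, mode, sha256 of content) for a tar archive in bytes."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar:
            # Hash file bodies; for links and directories hash the link target (may be empty).
            data = tar.extractfile(m).read() if m.isreg() else m.linkname.encode()
            out[m.name] = (m.type, m.mode, hashlib.sha256(data).hexdigest())
    return out

def diff_distfiles(old_blob, new_blob):
    """Report member-level differences, ignoring timestamps and ownership."""
    old, new = member_digests(old_blob), member_digests(new_blob)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def make_tar(files, mtime):
    """Build a .tar.gz in memory from {name: (mode, bytes)}; used for the sample data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (mode, data) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.mtime = len(data), mode, mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample distfiles (not real project data).
BASE = {"example-1.0/Makefile": (0o644, b"all:\n\tcc -o ex ex.c\n"),
        "example-1.0/README": (0o644, b"Example package\n")}
OLD = make_tar(BASE, mtime=1000000000)
# Same content re-rolled later: the archive checksum changes, the members do not.
REROLLED = make_tar(BASE, mtime=1076000000)
# Content change: one file edited, one executable added.
MODIFIED = make_tar({**BASE,
                     "example-1.0/Makefile": (0o644, b"all:\n\tcc -o ex ex.c\n\tsh post.sh\n"),
                     "example-1.0/post.sh": (0o755, b"#!/bin/sh\necho done\n")},
                    mtime=1076000000)

if __name__ == "__main__":
    for label, blob in (("rerolled", REROLLED), ("modified", MODIFIED)):
        print(label, hashlib.sha256(blob).hexdigest()[:16], diff_distfiles(OLD, blob))
```

An empty result for all three lists means the archive was only repackaged; anything listed under `added` or `changed` is what needs to be read before the new checksum goes into distinfo.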