cvs commit: ports/www/gist Makefile distinfo
dougb at FreeBSD.org
Thu Apr 5 19:15:42 UTC 2012
On 4/5/2012 11:52 AM, Wesley Shields wrote:
> When distfiles change it is normal for a committer to review what
> changed between the old and new and at least note that in the commit
It's not just normal, it's required.
In this situation I think that the commit should probably be backed out,
and the port marked BROKEN until the questions about the new distfile
can be adequately answered.
> The whole point is to avoid blindly updating distinfo with
> information from a trojaned copy.
> Sadly with a 40x size increase it sounds like it may be a lot of review
> work. A workaround is to ask upstream for confirmation that the distfile
> was intentionally rerolled along with confirmation that the hash you
> have is correct. Bonus points if they can point you to a changelog to go
> along with the new distfile.
> -- WXS
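
The review described in this thread (comparing the old and new distfile before updating distinfo), as an added example that is not part of the original message or of the ports tree's own tooling. It hashes every member of both tarballs and reports added, removed and changed files plus the size ratio; the tarballs, file names and version number are constructed sample data.

```python
import hashlib
import io
import tarfile


def manifest(tar_bytes):
    """Map each regular file in a tarball to the SHA-256 of its contents."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                # Strip the top-level directory so both trees line up.
                path = member.name.split("/", 1)[-1]
                out[path] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return out


def review_reroll(old_bytes, new_bytes, recorded_sha256):
    """Summarise what a reviewer must look at before touching distinfo."""
    old, new = manifest(old_bytes), manifest(new_bytes)
    return {
        "old_matches_distinfo": hashlib.sha256(old_bytes).hexdigest() == recorded_sha256,
        "size_ratio": len(new_bytes) / len(old_bytes),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def make_tarball(files):
    """Build a constructed sample tarball in memory (test data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample distfiles: same name and version, different contents.
OLD = make_tarball({"gist-1.0/gist.rb": b"puts 'hi'\n", "gist-1.0/README": b"docs\n"})
NEW = make_tarball({"gist-1.0/gist.rb": b"puts 'hi'\nputs 'rerolled'\n",
                    "gist-1.0/README": b"docs\n",
                    "gist-1.0/vendor/blob.bin": bytes(range(256)) * 64})

if __name__ == "__main__":
    print(review_reroll(OLD, NEW, hashlib.sha256(OLD).hexdigest()))
```

The "added" and "changed" lists are what needs to be read line by line, or sent to upstream with a request to confirm the reroll and the new hash.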