cvs commit: ports/www/gist Makefile distinfo

Doug Barton dougb at
Thu Apr 5 19:15:42 UTC 2012

On 4/5/2012 11:52 AM, Wesley Shields wrote:

> When distfiles change it is normal for a committer to review what
> changed between the old and new and at least note that in the commit
> message.

It's not just normal, it's required.

In this situation I think that the commit should probably be backed out,
and the port marked BROKEN until the questions about the new distfile
can be adequately answered.


> The whole point is to avoid blindly updating distinfo with
> information from a trojaned copy.
> Sadly with a 40x size increase it sounds like it may be a lot of review
> work. A workaround is to ask upstream for confirmation that the distfile
> was intentionally rerolled along with confirmation that the hash you
> have is correct. Bonus points if they can point you to a changelog to go
> along with the new distfile.
> -- WXS

More information about the cvs-ports mailing list