FreeBSD Port: lang/php5 (distinfo missmatch)
Jeremy Chadwick
freebsd at jdc.parodius.com
Mon May 15 22:00:42 UTC 2006
On Mon, May 15, 2006 at 05:29:00PM -0400, Mike Jakubik wrote:
> The md5 checksum and the size of php-5.1.4.tar.bz2 seems to differ from
> what the file actually is, and what is described on the php website.
>
> root at spamtoaster.home.local:/usr/ports/lang/php5# make fetch
> ===> Vulnerability check disabled, database not found
> => php-5.1.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://br.php.net/distributions/.
> fetch: http://br.php.net/distributions/php-5.1.4.tar.bz2: size mismatch:
> expected 5992825, actual 6356171
> => Attempting to fetch from http://cn.php.net/distributions/.
> fetch: http://cn.php.net/distributions/php-5.1.4.tar.bz2: size mismatch:
> expected 5992825, actual 6356171
>
> ...
>
> Website states:
>
> PHP 5.1.4 (tar.bz2) [6,207Kb] - 04 May 2006
> md5: 66a806161d4a2d3b5153ebe4cd0f2e1c
Taken from the PHP home page, in bold:
>> The tarballs were updated to include the PEAR's phar file, previously
>> missing from the release.
Is this the newest trend in the open-source world? Re-packaging
pre-existing tarballs and modifying patches and other what-nots? This
is really *really* bad form and behaviour. It completely defeats the
purpose (re: security) of MD5 and SHA checksums. All this does is
induce more Bugzilla bugs and support mails -- and ultimately waste
everyone's time.
I'd love to get my hands around the necks of some of these folks... if
any of tehm read freebsd-ports: **PLEASE STOP DOING THIS**!
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. |
More information about the freebsd-ports
mailing list