ioquake3 support more platforms
kamikaze at bsdforen.de
Sat Dec 19 14:59:46 UTC 2009
Doug Barton wrote:
> Dominic Fandrey wrote:
>> But that's not different for any port. E.g. sysutils/bsdadminscripts is
>> all mine, I create the distfiles and maintain the port, their is no
>> guarantee that I don't do evil apart from me being quite certain that
>> I don't.
> Mark already pointed out that maintainers and committers actually _do_
> have a responsibility to dig into changes, be knowledgeable about
> upgrades, etc. I agree with his perspective on this.
>> Why can one assume that an ioquake release is safe? One really cannot.
>> It's made by the same people who maintain the non-trustworthy SVN.
>> What if I created a sourceforge project freebsd-ioquake and published
>> my distfiles there as ioquake freebsd releases. Would it suddenly
>> turn trustworthy?
> The security problems involved in trying to audit a fixed, known set
> of files are miniscule compared to the problems involved in auditing a
> set of files that can change on a minute by minute basis. The whole
> concept of creating a FreeBSD port that checks source files out of a
> third-party svn repository is anathema to the whole concept of ports
Even if the files were directly checked out from SVN, they'd be
checked out from a tested point in time.
But this is not the case we're talking about (I explained the process
in sufficient detail, I think). I take an up to date snapshot, apply my
patch set, make a couple of test builds and runs, update the patch set
until everything works as expected. Than I wrap the whole thing (SVN
snapshot and my patches) up in a tar.gz and upload it to an ftp server.
There's no danger that anything changes. I'm not about to break md5 and
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Q: What is the most annoying thing on usenet and in e-mail?
More information about the freebsd-ports