RFC: svn for make fetch
delphij at delphij.net
Tue Nov 10 18:54:16 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Eitan Adler wrote:
> Correct me if I'm wrong but I thought that svn did its own checksumming.
> If so why do we need to our own?
"In God we trust, everyone else must have an X.509 certificate."
Well, that's not necessarily be a X.509 certificate but it must be some
form of signature, as it's not too hard to replace a specific revision
in svn if the server gets compromised.
Xin LI <delphij at delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the freebsd-ports