RFC: svn for make fetch
roam at ringlet.net
Tue Nov 10 22:39:31 UTC 2009
On Tue, Nov 10, 2009 at 06:12:40PM +0000, RW wrote:
> On Tue, 10 Nov 2009 12:32:28 +0200
> Peter Pentchev <roam at ringlet.net> wrote:
> > The Ports Collection's distfile checksums make sure that you get
> > exactly the same files *as the port maintainer examined at some
> > previous moment in time*.
> More importantly it guards against maliciously modified source code.
> Someone might break into a legitimate mirror or use dns poisoning to
> distribute malware.
That's the whole point :) That's also why the maintainer is supposed to
examine the files before submitting (or committing) a port update -
to guard against source code that has been maliciously modified on
the master sites (or on fake master sites that the maintainer has been
Peter Pentchev roam at ringlet.net roam at space.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
If wishes were fishes, the antecedent of this conditional would be true.
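
The checksum comparison discussed in this thread, as an added example that is not part of the original message or of the Ports Collection's own code. It assumes distinfo-style lines of the form `SHA256 (file) = hex` and `SIZE (file) = bytes`; the file name and byte strings are constructed samples.

```python
import hashlib
import hmac
import re

# distinfo-style records: "SHA256 (name) = hex" and "SIZE (name) = bytes"
_LINE = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    records = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and any record types not handled here
        entry = records.setdefault(m.group("name"), {})
        key = m.group(1)
        value = m.group("value")
        entry[key] = int(value) if key == "SIZE" else value.lower()
    return records


def verify_distfile(name, data, records):
    """Return (ok, reason) for fetched bytes against the recorded values."""
    entry = records.get(name)
    if entry is None or "SHA256" not in entry:
        return False, "no checksum recorded"  # fail closed on unknown files
    if "SIZE" in entry and len(data) != entry["SIZE"]:
        return False, "size mismatch"
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["SHA256"]):
        return False, "checksum mismatch"
    return True, "ok"


# Constructed sample: the bytes the maintainer examined and recorded.
REVIEWED = b"int main(void) { return 0; }\n"
DISTINFO = (
    f"SHA256 (example-1.0.tar.gz) = {hashlib.sha256(REVIEWED).hexdigest()}\n"
    f"SIZE (example-1.0.tar.gz) = {len(REVIEWED)}\n"
)
# Constructed sample: same length, different content, as a bad mirror might serve.
TAMPERED = b"int main(void) { return 1; }\n"

if __name__ == "__main__":
    recs = parse_distinfo(DISTINFO)
    print(verify_distfile("example-1.0.tar.gz", REVIEWED, recs))
    print(verify_distfile("example-1.0.tar.gz", TAMPERED, recs))
```

The check only establishes that the fetched bytes match what was recorded; it says nothing about whether the recorded bytes were themselves examined.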