Date: Wed, 22 May 2002 00:48:52 -0400 From: Brian T.Schellenberger <bts@babbleon.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru>, kris@obsecurity.org, ports@FreeBSD.ORG, portmgr@FreeBSD.ORG, core@FreeBSD.ORG Subject: Re: My position on commiters guide 10.4.4 Message-ID: <20020522044853.92549BB29@i8k.babbleon.org> In-Reply-To: <20020522041150.GA92851@nagual.pp.ru> References: <20020522041150.GA92851@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Not that I am a porter or even close to, but I thnk that your proposed rule below (I won't port any application which has changed without a version number change) is a reasonable one. Really, ports that change without version number changes are a real pain to deal with, and a new port should be rolled up for them only if there is a very good reason (which the porter understands), which is all this rule seems to be saying. So your position of simply not updating the port until the version number does change certainly seems reasonable to me. If there's somebody else who needs your port _so_ bad that he _must_ get it before the version number changes then *he* can do the ports and fill in all the necessary information. Am I missing something here? On Wednesday 22 May 2002 12:11 am, Andrey A. Chernov wrote: | This statement appearse as result of my conflict with Kris Kennaway who | insist on rule #10.4.4. | | http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/ports. |html#Q10.4.4. | | I am in strong disagreement with this rule, because, in general, it is not | a porter tasks described there. Lets go into details. First of all, here | is whole text to make citation easy to find: | | --------------- | 10.4.4. What is the proper procedure for updating the checksum for a | port's distfile when the file changes without a version change? | | When the checksum for a port's distfile is updated due to the author | updating the file without changing the port's revision, the commit message | should include a summary of the relevant diffs between the original and | new distfile to ensure that the distfile has not been corrupted or | maliciously altered. If the current version of the port has been in the | ports tree for a while, a copy of the old distfile will usually be | available on the ftp servers; otherwise the author or maintainer should be | contacted to find out why the distfile has changed. | ----------- | | 1) As a porter, I am already sure, making port, that "distfile has not | been corrupted", there is no needs to reflect it in the commit message | somehow. | | 2) As a porter, all I do is the port and it is not mine task to do needed | tests to be sure that distfile is not "maliciously altered". Probably it | is local security officer task. | | 2.1) For binary port (as example, in my conflict) code analyze needed, | using debugger or something like. I not plan to dedicate my life time to | single port, it is local security officer task, if he think that | application is critical for local system. | | 3) Running "relevant diffs between the original and new distfile" is not | porter task too. Probably it is local security officer task. It have | nothing common with porting, i.e. tuning application for FreeBSD. | | 3.1) As a porter, not a developer, I may not fully understand every change | that developers made without any announce. | | 3.1.1) Even if I understand some of them during the porting work, it not | means I must describe them, it is developers task to describe their | product changes. | | 4) "The author or maintainer should be contacted to find out why the | distfile has changed". This is local security officer task too. To be | involved in such mail exchanges with developers, i.e. to educate them to | not re-roll distfiles without version number change, to ask to describe | what realy happens - I don't have time and resources for all of that, it | is not porter task. | | What I suggest? Remove that rule. Porter commit message something like | "Distfile re-rolled without name change" should bring enough local | security officer attention. | | To resolve my conflict I ask all interested parts to consider my statement | and issue some resolution about rule 10.4.4. | | In case this rule stays as is, I forced to officially declare that I will | not touch any re-rolled port anymore until its version number will be | changed, since following 10.4.4 rule is against principles of common sense | in form I have them. | | Thank you for your attention. -- Brian T. Schellenberger . . . . . . . bts@wnt.sas.com (work) Brian, the man from Babble-On . . . . bts@babbleon.org (personal) http://www.babbleon.org http://www.eff.org http://www.programming-freedom.org If you smell the smoke you don't need to be told what you've got to do; Yet there's a certain breed, so very in-between, they'd rather take a vote. -- DEVO -- Here To Go To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020522044853.92549BB29>