Date: Tue, 21 May 2002 17:30:29 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Kris Kennaway <kris@obsecurity.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/security/drweb Makefile distinfo ports/security/drweb/files patch-aa patch-ab Message-ID: <20020521173029.A36618@xor.obsecurity.org> In-Reply-To: <20020521235911.GA91185@nagual.pp.ru>; from ache@nagual.pp.ru on Wed, May 22, 2002 at 03:59:12AM %2B0400 References: <200205211516.g4LFGeo82331@freefall.freebsd.org> <20020521151814.F31955@xor.obsecurity.org> <20020521235911.GA91185@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 22, 2002 at 03:59:12AM +0400, Andrey A. Chernov wrote: > On Tue, May 21, 2002 at 15:18:14 -0700, Kris Kennaway wrote: > > On Tue, May 21, 2002 at 08:16:40AM -0700, Andrey A. Chernov wrote: > > > ache 2002/05/21 08:16:40 PDT > > >=20 > > > Modified files: > > > security/drweb Makefile distinfo=20 > > > security/drweb/files patch-aa patch-ab=20 > > > Log: > > > Distfile re-rolled on official site > >=20 > > Please summarize the diffs in the distfile in a followup commit. >=20 > Should I? Yes; it's a rule we apply to all ports committers. Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/ports.= html#Q10.4.4. > We don't do that even for releases, why do that for silent=20 > updates? I don't want to go into this again, because the discussion has taken place many times already. =20 > In that particular case I know some info, but in general I don't want to= =20 > do special research comparing two distributions byte-by-byte only because= =20 > developers are lazy enough to not explain their own minor updates. It's not a very demanding requirement; just do a diff -ruN and inspect the changes visually. If the changes are significant then just note as such. The main thing you're looking for are changes which were inserted into the distfile maliciously. Kris --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE86uakWry0BWjoQKURAmEhAJ4qk78QLlgxNTlR7ezBmtHJ40DIxgCg+So4 ex/mOk7A1hQBHW6/GlmmMJ8= =SngB -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020521173029.A36618>