From owner-cvs-all@FreeBSD.ORG  Tue Feb 17 05:44:51 2004
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1362516A4CE
	for <cvs-all@FreeBSD.org>; Tue, 17 Feb 2004 05:44:51 -0800 (PST)
Received: from 21322530218.direct.eti.at (21322530218.direct.eti.at
	[213.225.30.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4514F43D2F
	for <cvs-all@FreeBSD.org>; Tue, 17 Feb 2004 05:44:50 -0800 (PST)
	(envelope-from tilman@arved.at)
Received: from huckfinn-wi0.arved.de (localhost [127.0.0.1])
	i1HDhRs9085476;	Tue, 17 Feb 2004 14:44:48 +0100 (CET)
	(envelope-from tilman@arved.at)
Received: (from tilman@localhost)
	by huckfinn-wi0.arved.de (8.12.11/8.12.6/Submit) id i1HDhRnI085475;
	Tue, 17 Feb 2004 14:43:27 +0100 (CET)
X-Authentication-Warning: huckfinn-wi0.arved.de: tilman set sender to
	tilman@arved.at using -f
Date: Tue, 17 Feb 2004 14:43:27 +0100
From: Tilman Linneweh <arved@FreeBSD.org>
To: Michael Nottebrock <michaelnottebrock@gmx.net>
Message-ID: <20040217134327.GA85445@huckfinn.arved.de>
References: <200402091336.i19Da8nQ019809@repoman.freebsd.org>
	<200402171404.30701.michaelnottebrock@gmx.net> <xzpr7wtn98t.fsf@dwp.des.no>
	<200402171420.47274.michaelnottebrock@gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200402171420.47274.michaelnottebrock@gmx.net>
User-Agent: Mutt/1.4.2.1i
cc: cvs-all@FreeBSD.org
cc: Kris Kennaway <kris@obsecurity.org>
Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2004 13:44:51 -0000

* Michael Nottebrock [Di, 17 Feb 2004 at 14:20 GMT]:
>> > > > >   Fix distinfo, SIZEify.
>> > > >
>> > > > You forgot to summarize what changed.
>> > >
>> > > I didn't see a followup to this.
>> >
>> > I have no idea what you expect me to write.
>>
>> When the checksum of a distfile changes, there is a considerable risk
>> that someone may have trojaned the distfile.  As a port maintainer,
>> you are exptected to verify that this is not the case before updating
>> the checksum in distinfo.  You are also expected to summarize the
>> reason for the changed checksum in the commit message so that The Rest
>> Of Us[tm] can rest assured that you have indeed verified that the
>> distfile was not trojaned.
>
> I didn't know that I was supposed to perform a security audit and I did not=
>  do=20
> so. So if anyone happens to have the old distfile still around, please send=
>=20
> it my way, cause I don't. I suggest next time instead of marking a port as=
>=20
> BROKEN=3D Checksum mismatch, mark it as BROKEN=3D Needs security audit so I=
>  won't=20
> be tempted to fix it.
>

I intend to remove this port in a few days. It is obsolete and superseded by
qmake.

I have just updated the last port that did depend on it.

regards
tilman