Date: Tue, 17 Feb 2004 15:21:43 +0000
From: Eivind Eklund
To: Michael Nottebrock
cc: cvs-ports@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo
Message-ID: <20040217152143.GD3525@FreeBSD.org>
In-Reply-To: <200402171420.47274.michaelnottebrock@gmx.net>

On Tue, Feb 17, 2004 at 02:20:46PM +0100, Michael Nottebrock wrote:
> On Tuesday 17 February 2004 14:09, Dag-Erling Smørgrav wrote:
> > When the checksum of a distfile changes, there is a considerable risk
> > that someone may have trojaned the distfile. As a port maintainer,
> > you are expected to verify that this is not the case before updating
> > the checksum in distinfo. You are also expected to summarize the
> > reason for the changed checksum in the commit message so that The Rest
> > Of Us[tm] can rest assured that you have indeed verified that the
> > distfile was not trojaned.
>
> I didn't know that I was supposed to perform a security audit and I did not do
> so. So if anyone happens to have the old distfile still around, please send
> it my way, cause I don't. I suggest next time instead of marking a port as
> BROKEN= Checksum mismatch, mark it as BROKEN= Needs security audit so I won't
> be tempted to fix it.

We should probably use FORBIDDEN instead of BROKEN for checksum
mismatches, and have a notice in the porter's handbook. This would make
it more obvious. I have no patch because I did not find any obvious
place to add it.

BROKEN=Needs security audit would say MUCH less to me than
BROKEN="Checksum mismatch". For me (probably because I've got a
background where I've been heavily security focused) "Checksum mismatch"
makes it obvious that somebody has changed the distfile in some
unspecified way, and we thus need a review of the changes. However,
"Needs security audit" screams "This code is utterly rotten and more or
less certainly contains security holes. We can't give it to the users
until all the code has been audited." which is quite different from "We
need to review a likely small diff".

Eivind.
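
The "review a likely small diff" step discussed in this thread can be narrowed down by comparing the old and new distfile member by member. The following is an added example, not part of the original message or of the FreeBSD ports tooling; the tarball contents are constructed samples and the function names are hypothetical.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map each tarball member to (SHA-256 of contents, mode); timestamps are ignored."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = (hashlib.sha256(data).hexdigest(), oct(member.mode))
            else:
                # Non-file entries (dirs, symlinks, devices): compare type and link target.
                digests[member.name] = (repr(member.type), member.linkname)
    return digests


def compare_distfiles(old_bytes, new_bytes):
    """Return (added, removed, changed) member names between two distfiles."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    changed = sorted(n for n in old.keys() & new.keys() if old[n] != new[n])
    return added, removed, changed


def build_tar(files):
    """Build a constructed gzip tarball in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample distfiles: same upstream file name, different contents.
OLD_FILES = {"tmake/README": b"tmake 1.0\n", "tmake/bin/tmake": b"#!/usr/bin/perl\nprint 1;\n"}
NEW_FILES = {"tmake/README": b"tmake 1.0\n", "tmake/bin/tmake": b"#!/usr/bin/perl\nprint 2;\n",
             "tmake/LICENSE": b"text\n"}
OLD, NEW = build_tar(OLD_FILES), build_tar(NEW_FILES)

if __name__ == "__main__":
    added, removed, changed = compare_distfiles(OLD, NEW)
    print("added:", added, "removed:", removed, "changed:", changed)
```

An empty result for all three lists means the archive was only re-rolled (for example with new timestamps); anything listed is what the maintainer then reads as a diff and summarizes in the commit message.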