From owner-cvs-all Fri Jun 9 14:22: 8 2000 Delivered-To: cvs-all@freebsd.org Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id C85D637B55C; Fri, 9 Jun 2000 14:21:34 -0700 (PDT) (envelope-from green@FreeBSD.org) Date: Fri, 9 Jun 2000 17:21:20 -0400 (EDT) From: Brian Fundakowski Feldman X-Sender: green@green.dyndns.org To: "David E. O'Brien" Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/comms/minicom/files md5 In-Reply-To: <200006091911.MAA57180@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 9 Jun 2000, David E. O'Brien wrote: > obrien 2000/06/09 12:11:03 PDT > > Modified files: > comms/minicom/files md5 > Log: > Revert to rev 1.8 -- which breaks this port again. > I don't know exactly what changed in the distfile. To generate the new > checksum I did ``make distclean makesum''. So I don't have the old distfiles > around to check. I did verify that the new distfiles does compile and the > resulting binary runs. But I guess that is not suffient today. Is a diff from the previously released (minor - 1) version unreasonable? Not a sarcastic or biting question, just frankly, is it too much to be able to check? The diffing-to-find-what-makes-an-md5-change practice is a good thing, but how good is it really when the MD5 from a new version is generated and we act on blind trust? That happens more often than bouncing md5 hashes, so isn't there even _more_ of a chance of a trojan coming in? The whole thing just gives me the willies... that and trusting your CVSup streams... -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message